Try our conversational search powered by Generative AI!
AI OnAI Off
Best practice for removing Admin interface on Episerver 9 / 10 frontend servers
Ah, I have overlooked this documentation page: http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/Securing-edit-and-admin-user-interfaces/
Nov 24, 2016 11:52
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
Hi Forum
We are in the process of setting up a new Episerver 9 solution. Actually we are on 9 now, but will most likely upgrade to 10 before we go live. If this changes anything, we may upgrade sooner than later.
We are planning on setting up 2 frontend servers and 1 application server.
I'm looking for the best practice on how to remove the Episerver admin interface from the frontend servers, or at least make it inaccessible from the internet. I have found different articles on the internet, but they all seem to be for older versions of Episerver.
Are there an article/blog post that I'm missing, that is also relevant for Episerver 9 or 10?
One of the solutions that we are looking at, is to just filter out /episerver on the loadbalancer or firewall. At least from the internet, but to allow internal users to still access the URL.
This still installs the Admin interface on the frontend servers, and I'm not sure that is the best way to go.
How do you normally avoid exposing the admin interface to the internet?
Thank you for you input.
Regards
Anders