EPiServer CMS 6.0 / R2
Document last saved:
EPiServer CMS allows relocation of the edit and admin folders and configurable HTTP ports, to make it harder for intruders to access sensitive resources.
This document contains instructions on how to secure the UI folder (which contains the EPiServer editor and administration interfaces) and also how to ensure that the application will continue to work even if the UI folder is moved to a new location.
By default the edit and admin folders of EPiServer CMS are located in the program files folder on the machines C:\ drive and are linked with Virtual Path Providers.
Follow the steps below to secure edit/admin and its ports on a default installation of EPiServer CMS:
<add name="UI" virtualPath="~/newuipath/" physicalPath="C:\Program Files\EPiServer\CMS\6.0.530.0\application\UI" type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer" />
Add a specially designated (and restricted) port for access in the Internet Information Services (IIS) for the site (used for the UI folder in the step 1 above - port 8888 is used for uiUrl). Access to this port could then be restricted. (This step can be omitted if you are only wish to change the folders).
The default location ui folder contains admin and edit folders :
Using SSL (Secure Sockets Layer) to secure the wbsite and/or UI folder is possible - see the information in the following links:
Block access by IP or to add SSL
In order to block access by IP (or to add SSL), you will need to move the UI folder from to the site root so that you can set security in IIS.
Change the physicalPath= to the site root, for example "C:\EPiServer\Sites\MyEPiServerSite\ui"