I would like to know the best way to remove the edit/admin mode and not give the user an 403 but an 404.
The enterprise site has an editor machine that publishes out to front end servers.
For security reasons it is a bad design giving information away that we have something hidden with an 403 the user should get 404 instead.
Ok found one simple solution that seems to be working.
Just remove the [webroot]/modules/_protected folder.
That gives 404 when trying to access the edit admin mode.
One option is to use IIS Rewrite with the following rule:
Also you might then want to disable the utilUrl too (~/util/)
No warranties on the solution other than that it returns the desired 404 response and no friendly 404 page ;)