Vulnerability in EPiServer.Forms
In a load balanced environment, I would like to turn off the CMS from the www front servers (we have a dedicated cms server).
What is best practice when it comes to this, just empty the field for cms url in episerver.config or something else?
There's a nice article in the documentation on what we recommend:
Thanks a lot Toni!
The magic text was:
"Follow the description below to make the edit/admin user interfaces unavailable on a publicly facing server.
In web.config, both for <location path="EPiServer"> and <location path="EPiServer/CMS/admin">, remove any allow roles (WebEditors, WebAdmins, Administrators and additonal ones) so that the <authorization> sections only contain the following:"