Best practice for removing Admin interface on Episerver 9 / 10 frontend servers

Vote:
 

Hi Forum

We are in the process of setting up a new Episerver 9 solution. Actually we are on 9 now, but will most likely upgrade to 10 before we go live. If this changes anything, we may upgrade sooner than later.

We are planning on setting up 2 frontend servers and 1 application server.

I'm looking for the best practice on how to remove the Episerver admin interface from the frontend servers, or at least make it inaccessible from the internet. I have found different articles on the internet, but they all seem to be for older versions of Episerver.

Are there an article/blog post that I'm missing, that is also relevant for Episerver 9 or 10?

One of the solutions that we are looking at, is to just filter out /episerver on the loadbalancer or firewall. At least from the internet, but to allow internal users to still access the URL.

This still installs the Admin interface on the frontend servers, and I'm not sure that is the best way to go.

How do you normally avoid exposing the admin interface to the internet?

Thank you for you input.

Regards

Anders

#172029
Nov 23, 2016 21:02
Vote:
 

Ah, I have overlooked this documentation page: http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/Securing-edit-and-admin-user-interfaces/

#172044
Nov 24, 2016 11:52
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.