We are in the process of setting up a new Episerver 9 solution. Actually we are on 9 now, but will most likely upgrade to 10 before we go live. If this changes anything, we may upgrade sooner than later.
We are planning on setting up 2 frontend servers and 1 application server.
I'm looking for the best practice on how to remove the Episerver admin interface from the frontend servers, or at least make it inaccessible from the internet. I have found different articles on the internet, but they all seem to be for older versions of Episerver.
Are there an article/blog post that I'm missing, that is also relevant for Episerver 9 or 10?
One of the solutions that we are looking at, is to just filter out /episerver on the loadbalancer or firewall. At least from the internet, but to allow internal users to still access the URL.
This still installs the Admin interface on the frontend servers, and I'm not sure that is the best way to go.
How do you normally avoid exposing the admin interface to the internet?
Thank you for you input.
Ah, I have overlooked this documentation page: http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/Securing-edit-and-admin-user-interfaces/