Wednesday 12 April 2017

Deny Access to _vti_bin SharePoint 2010

Case Study :
Dears,
we have implemented a SharePoint 2010 portal that is published for both Anonymous and "Windows" Authenticated users, this was by creating an extension from the "Windows Authenticated" site and configuring the security for the extension to allow anonymous users.
We have received a security test results from the host of the published site requiring us to prevent access to _vti_bin folder, we applied all the configurations recommended by Microsoft and Microsoft users (adding authorization rules to web.config) but yet the _vti_bin folder still accessible.
Please advise if accessing the _vti_bin folder is a security issue or not, and if yes how can we solve it in our case.
Solution:
No, it should not be a security issue.



No comments:

Post a Comment