Microsoft SharePoint Team Blog : How to lockdown an Internet facing MOSS-based web site

How to lockdown an Internet facing MOSS-based web site

Since posting my blog entry about recently launched MOSS-based web sites on the Internet, I’ve received several inquiries about how to lockdown this type of web site to prevent anonymous users from accessing pages in the /_layouts vdir or any of the Form pages. Fortunately, the answer along with a comprehensive set of security guidance was published several months ago on TechNet in the following article:

Plan security for an external anonymous access environment (Office SharePoint Server)

Updated: November 16, 2006

In this article:

•	Protect back-end servers
•	Configure anonymous access
•	Secure the Central Administration site
•	Secure content deployment by using SSL
•	Disable incoming e-mail
•	Use lockdown mode
•	Secure design checklist
•	Plan security hardening for server roles
•	Plan secure configurations for Office SharePoint Server features

Security guidance for an external anonymous access environment is targeted to allow anonymous access to content while protecting back-end servers in the farm from direct user access or malicious actions targeted through front-end Web servers. In an environment where multiple farms might be deployed to support authoring, staging, and publishing, the guidance for this environment is intended for the published farm (the farm that is anonymously accessed by users).

[Update (05/14/2007): Tyler provides a bit more explanation about the "lockdown feature" over on the ECM Team Blog.]

Published Thursday, May 10, 2007 1:52 AM by LLiu

Filed under: Deployment, WCM, Security

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# MOSS security lockdown

PingBack from http://www.decatec.it/blogs/2007/05/10/MOSS+Security+Lockdown.aspx

Thursday, May 10, 2007 6:35 AM by MOSS security lockdown

# re: How to lockdown an Internet facing MOSS-based web site

I encourage everyone to read this Technet article! It's been really helpful for my project.

I did encounter some issues with enabling lockdown after the site was already created... basically you have to reset all your anonymous permissions for the lockdown to work.

I've detailed the steps on how to do this in a blog post:

http://blogs.vertigo.com/personal/steventap/Blog/Lists/Posts/Post.aspx?ID=22

Good Luck!

Steven.

Friday, May 11, 2007 4:27 PM by Steven Tapping

# 2007 MOSS Resource Links (Microsoft Office SharePoint Server)

2007 MOSS Resource Links (Microsoft Office SharePoint Server) Here is an assortment of various 2007 Microsoft

Wednesday, September 12, 2007 11:08 AM by The Boiler Room - Mark Kruger, Microsoft SharePoint MVP

# re: How to lockdown an Internet facing MOSS-based web site

I was wondering if you could guide me to some document that talks in detail about the requirements for introducing MOSS Search capabilities for internet facing sites. Since I need only the search functionality, which product would be most appropriate. And guides to the implementation of the product in our existing websites.

Friday, December 14, 2007 4:05 AM by Sameer

# re: How to lockdown an Internet facing MOSS-based web site

If I have Publishing web under Publishing site, anonymous works great for father (site) and still brings auth dialog for son (web). For other templates, like Team, it works without issues.Breaking the inheritance and explicit defining of anonymous access on son site doesn't help.

Tuesday, January 01, 2008 8:05 AM by Yehiel

# re: How to lockdown an Internet facing MOSS-based web site

Deactivating the lockdown mode and then create a new subsite also doesn't help

Sunday, January 13, 2008 4:37 AM by Yehiel

# Sharepoint 2007 Seite im Web sichern

Sharepoint 2007 Seite im Web sichern

Tuesday, February 26, 2008 2:43 PM by TEMPORARY BLOG NAME

# Day 1: Support links and Q&A

Day 1 of the Advanced SharePoint Server 2007 Training for Architects ended with some questions and some

Tuesday, April 15, 2008 12:25 AM by Spic and Spam

# Google Sites y Microsoft Office SharePoint...

Veamos cómo está Google con Google Sites y Microsoft con Office SharePoint en estos temas en cuanto a

Sunday, April 20, 2008 6:26 PM by Luis Du Solier G. - SharePoint en Español

# Google Sites y Microsoft Office SharePoint...

Veamos cómo está Google con Google Sites y Microsoft con Office SharePoint en estos temas en cuanto a

Sunday, April 20, 2008 6:29 PM by SharePoint en Español - Luis Du Solier G.

# Usefull links for a Publising or Internet facing Sharepoint (MOSS) site implementation / development

I thought of sharing some of the important and useful links for Publishing sites: Following command can

Wednesday, December 31, 2008 1:25 PM by Microsoft Tech Blogs

Title (required)
Name required
Your URL
Comments (required)
Remember Me?

Microsoft SharePoint Team Blog

This Blog

Syndication

Search

Tags

News

Archives

More SharePoint Info

SharePoint Bloggers - MS Certified Masters

SharePoint Bloggers - Product Documentation

SharePoint Bloggers - Product Mgmt

SharePoint Bloggers - Product Support

SharePoint Bloggers - Program Mgmt

SharePoint Bloggers - TSP Insiders

SharePoint Related Team Blogs

How to lockdown an Internet facing MOSS-based web site

Comment Notification

Comments

# MOSS security lockdown

# re: How to lockdown an Internet facing MOSS-based web site

# 2007 MOSS Resource Links (Microsoft Office SharePoint Server)

# re: How to lockdown an Internet facing MOSS-based web site

# re: How to lockdown an Internet facing MOSS-based web site

# re: How to lockdown an Internet facing MOSS-based web site

# Sharepoint 2007 Seite im Web sichern

# Day 1: Support links and Q&A

# Google Sites y Microsoft Office SharePoint...

# Google Sites y Microsoft Office SharePoint...

# Usefull links for a Publising or Internet facing Sharepoint (MOSS) site implementation / development

Leave a Comment