Redirect Rule to Restrict Sitecore Admin

As part of security hardening on CD environments, access to Sitecore on CD should be restricted. There are numerous ways to achieve this. If you wish to do it using redirect rules, here is the rule:

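<rule name="Restrict Sitecore" stopProcessing="true">
     <match url=".*" />
     <!-- Both conditions must hold (default logicalGrouping is MatchAll) -->
     <conditions>
      <!-- Path starts with /sitecore/ -->
      <add input="{URL}" pattern="^/sitecore//?.*" />
      <!-- ...but is not under /sitecore/service -->
      <add input="{URL}" pattern="^/sitecore/service/?.*" negate="true" />
     </conditions>
     <!-- Send the request to the home page and drop the query string -->
     <action type="Redirect" url="/" appendQueryString="false" />
 </rule>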

Explanation:

  • Condition 1 (“^/sitecore//?.*”)
    • It matches all URLs whose path starts with /sitecore/.
  • Condition 2 (“^/sitecore/service/?.*”)
    • It skips all URLs whose path starts with /sitecore/service/. This is required to allow service-related URLs that might communicate with the CM site for data flow.
  • Action (“/”)
    • Redirect to the home page.

Note: If any of your pages use resources from the Sitecore folder, please make sure they still work, especially forms.
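
To check which requests the rule above redirects before deploying it, the two conditions can be evaluated offline. This is an added example, not part of the original post; it assumes the IIS URL Rewrite defaults (ECMAScript patterns, case-insensitive matching, all conditions must match), and the sample paths are constructed for illustration.

```javascript
// The two <add> conditions from the rule, in order.
const CONDITIONS = [
  { pattern: "^/sitecore//?.*", negate: false },
  { pattern: "^/sitecore/service/?.*", negate: true },
];

// Returns true when every condition holds, i.e. the Redirect action fires.
// urlPath stands for {URL}: the request path without the query string.
function isRedirected(urlPath) {
  return CONDITIONS.every(({ pattern, negate }) => {
    const matched = new RegExp(pattern, "i").test(urlPath); // ignoreCase default
    return negate ? !matched : matched;
  });
}

// Constructed sample paths covering the normal cases and the edge cases.
const SAMPLES = [
  "/sitecore/login",                 // admin login page
  "/sitecore/shell/default.aspx",    // admin shell
  "/SITECORE/admin/",                // different letter case
  "/sitecore/service/notfound.aspx", // exempted by condition 2
  "/sitecore/services-custom/x",     // hypothetical: also exempted, because
                                     // the slash after "service" is optional
  "/sitecore",                       // no trailing slash: condition 1 fails
  "/about-us",                       // ordinary site page
];

// Builds a decision per path so the result can be reviewed or asserted on.
function report(paths) {
  return paths.map((path) => ({ path, redirected: isRedirected(path) }));
}

for (const { path, redirected } of report(SAMPLES)) {
  console.log(`${redirected ? "redirect to /" : "pass through "}  ${path}`);
}
```

Add the paths your forms and pages actually request to `SAMPLES` to see whether the rule would redirect any of them.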