Administrative Pages

Administrative Pages

Sitecore Administrative Pages

  • Located in /sitecore/admin folder under website root
  • Includes a number of standalone .aspx pages that can be useful for administering a Sitecore site
  • Folder should be restricted by IP address or these pages should be moved until needed
    • This is done to avoid misappropriation and misuse of these administrative pages

Administrative Pages Available on Sitecore 7.2

  • Cache.aspx displays details regarding the caching settings configured and the percentage of cache usage for each of the Sitecore caches
  • Dbbrowser.aspx displays content in the Sitecore databases in its raw format
  • FillDB.aspx is used to quickly fill a Sitecore database with sample or test data
  • LinqScratchPad.aspx allows you to run LINQ queries against your indexes from within the browser
  • Login.aspx is the default admin login form
  • Pipelines.aspx is used to profile utilization and performance of Sitecore pipelines
  • RemoveBrokenLinks.aspx is used to remove all broken links in a database
  • Serialization.aspx is useful for serializing database content into xml files    
  • SetSACEndpoint.aspx is used to change the Sitecore App Center endpoint when testing the Email Campaign Manager (ECM)
  • ShowConfig.aspx displays the merged configuration settings from the <Sitecore> section of the web.config and all the included config files
  • Stats.aspx displays rendering statistics, including the presentation components that were loaded and how long it took them to load
  • Unlock_admin.aspx is used to unlock an admin account that is locked out
  • UpdateInstallationWizard.aspx is used for performing what-if and actual Sitecore upgrades to newer versions. 

Securing the Sitecore Administrative Pages

  • Consider relocating all of the administrative pages (.aspx files) to a Temp folder outside of your web site until you need to use the page(s)
  • IIS must be configured for anonymous authentication enabled on the  /sitecore/admin folder when the tools will be used
  • Using IP Address restrictions is a good way to restrict access to these tools
    • Set IP Address Restrictions for the \admin, \login and \shell folders in IIS
    • Use Edit Feature Settings in the IP Address Restrictions tool to set access for unspecified clients to Deny
    • Use Add Allow Entry to specified the IP addresses that should be allowed access to the administrative pages

IIS Console

Sources