How to disable access for anonymous users on forms and application pages - ViewFormPagesLockDown

dhessing — Mon, 24 Dec 2007 17:19:00 GMT

Recently I did a couple of projects on building public facing internet sites with MOSS 2007. I’ve noticed that for one specific project the application pages and the forms pages were accessible for anonymous users. Because of the fact that anonymous users have by default no rights on lists other than read, they can't do any harm to the site. But I didn't like the idea that anyone could read my reusable content or pages list just by requesting the url http://myserver/pages/forms/allitems.aspx. In my search for an explanation, I found this excellent article from the SharePoint team blog. Public internet sites build on the publishing portal site definition have by default a feature called ViewFormPagesLockDown activated. The feature disables anonymous users to forms pages and most of the application pages. If you build your own site definition, this feature is not enabled by default. You still can disable anonymous access to these pages by activating the ViewFormPagesLockDown feature to the site collection of the public website. You can do this by running the following command on the site collection of the public site:

stsadm.exe –o activatefeature –url <site collection url> -filename ViewFormPagesLockdown\feature.xml

Donald Hessing

How to disable access for anonymous users on forms and application pages - ViewFormPagesLockDown