In a lot of environments, it is very common to run EPiserver in a load balanced environment, with a master/slave configuration. On the slaves/live web boxes, it's usually a good idea to disable access to the Episerver editor.
A few people have blogged over the years how to disable certain config settings, however, there is an easier approach, adding a rule using Url Rewrite to cause a 404 anytime anyone tries to access the editor. That rule would look like this:
<rules> <rule name="Restrict Episerver access" stopProcessing="true"> <match url="^episerver/?.*" /> <action type="CustomResponse" statusCode="404" /> <conditions> </conditions> </rule> </rules>
The rule basically says, that any request to www.yoursite.com/episerver, or anything else after /episerver then returns a 404.
Security wise this is good, as no one will be able to figure out if the site uses Episerver. As you can see by the rule, Also, the other benefit of this is that your continuous integration build process is similar as you'll need to transform a single variable.
In my example, my web.config would look like this in development:
<system.webServer> <rewrite> <rules configSource="" /> </rewrite> </system.webServer>
After a Ci transformation takes place, it will look like this on the live boxes:
<system.webServer> <rewrite> <rules configSource="rewriterules.config" /> </rewrite> </system.webServer>
I'd add my rule listed above within a file called rewriterules.config and check it into source control. It's as simple as that!