When running Episerver with an on-prem license, a very common infrastructure configuration is to run the CMS within a load-balanced environment, with a master/slave configuration. On the master/live web boxes, it's usually a good idea to disable access to the Episerver editor. A few people have blogged over the years how to disable certain config settings, however, there is an easier approach, adding a rule using Url Rewrite to cause a 404 anytime anyone tries to access the editor. The 404 rule would look like this:
The regex performs a match on any request to www.yoursite.com/episerver, or, anything else after /episerver. Security-wise this is good, as no one will be able to figure out if the site uses Episerver. As you can see by the rule, the other benefit of this is that your continuous integration build process is similar as you will need to transform a single variable. In my example, my web.config would look like this in development:
After a transformation takes place, it will then look like this on the live box:
I recommend adding custom rules into a separate file to prevent your web.config from getting too large. I add rules within a file calledrewriterules.config and check it into source control. It's as simple as that! Happy Coding 🤘
