Redirect users from accessing pages library

Mercury Man 21 Reputation points
2020-11-10T12:29:17.763+00:00

Hi All,

We have our SharePoint application publicly hosted with anonymous access (e.g. https://www.xyz.com). Our IT security team found a vulnerability: when anonymous users try to hit this URL (https://www.xyz.com/en/pages), they receive an authentication popup; instead, they should be redirected to an unauthorized access page.

Can someone please help me here?

SharePoint Server Management

3 answers

  1. Trevor Seward 11,701 Reputation points
    2020-11-10T13:52:15.407+00:00

    Rather than make any changes on SharePoint, I would invest in a Web Application Firewall that can intercept requests destined to the farm and modify them as needed, i.e. if request = https://www.xyz.com/en/pages, throw an HTTP 401.

    Handling this on SharePoint will require changing the authentication scheme for the Web Application to FBA, which I do not recommend.


  2. Emily Du-MSFT 45,751 Reputation points Microsoft Vendor
    2020-11-11T06:42:23.497+00:00

    @Mercury Man
    Agree with Trevor. If Trevor’s answer is helpful, please remember to accept his answer.


  3. Mercury Man 21 Reputation points
    2020-11-11T12:39:58.847+00:00

    Thanks for the suggestion, Trevor. I have created a page called NotAuthorized.aspx and asked the WAF team to redirect, and they will be doing it from F5. So any user trying to access https://www.xyz.com/en/pages will be redirected to the not authorized page.

    One more quick question: if we block users from accessing locations like the ones below

    https://www.xyz.com/style%20library/
    https://www.xyz.com/Style%20Library/Forms/
    https://www.xyz.com/en/pages/
    https://www.xyz.com/Style%20Library/Forms/AllItems.aspx?
    https://www.xyz.com/Style%20Library/Forms/AllItems.aspx?RootFolder=
    etc.

    Will it also block the application pages from reading files like .css, .js and images? If so, then what would be the best solution? If not, then blocking the above locations from F5 will be the best.

    Please help me here…

    0 comments No comments
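
Added example, not code from any participant in this thread and not F5 syntax: a Python model of the path matching such a WAF rule needs, redirecting library browsing URLs while leaving file requests alone. It assumes that pages fetch their .css, .js and image files by full file URL inside the Style Library; `REDIRECT_TARGET` and the asset URLs in the sample list are constructed.

```python
from posixpath import normpath
from urllib.parse import urlsplit, unquote

# The two libraries named in the thread, in normalized (decoded, lower-case) form.
PROTECTED_LIBRARIES = ("/style library", "/en/pages")
# Hypothetical location of the NotAuthorized.aspx page (the thread does not give its path).
REDIRECT_TARGET = "/en/pages/notauthorized.aspx"


def normalize(url: str) -> str:
    """Decoded, lower-cased path: no query, no duplicate or trailing slashes, no '..'."""
    path = unquote(urlsplit(url).path).lower().replace("\\", "/")
    return normpath("/" + path.lstrip("/"))


def decide(url: str) -> str:
    """Return 'redirect' for library browsing URLs and 'allow' for everything else."""
    path = normalize(url)
    if path == REDIRECT_TARGET:
        return "allow"  # guard: the landing page must never redirect to itself
    for root in PROTECTED_LIBRARIES:
        if path == root:
            return "redirect"  # bare library URL, e.g. /en/pages
        if path == root + "/forms" or path.startswith(root + "/forms/"):
            return "redirect"  # list views such as Forms/AllItems.aspx
        if path.startswith(root + "/") and "." not in path.rsplit("/", 1)[1]:
            return "redirect"  # folder inside the library, no file name
    return "allow"


# First four URLs are from the thread; the rest are constructed for illustration.
SAMPLES = [
    "https://www.xyz.com/style%20library/",
    "https://www.xyz.com/Style%20Library/Forms/",
    "https://www.xyz.com/en/pages/",
    "https://www.xyz.com/Style%20Library/Forms/AllItems.aspx?RootFolder=",
    "https://www.xyz.com/Style%20Library/css/site.css",
    "https://www.xyz.com/Style%20Library/Images/logo.png",
    "https://www.xyz.com/en/Pages/default.aspx",
    "https://www.xyz.com//STYLE%20LIBRARY//forms/allitems.aspx",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{decide(sample):8}  {sample}")
```

Matching on the decoded, case-folded path without the query string is what lets a single rule cover the `style%20library` / `Style%20Library` and `AllItems.aspx?RootFolder=` variants listed in the question.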
