Hi,
I have a SP2013 farm with public facing websites. These websites got their own branding and have the site lockdown feature enabled (anonymous access). But when someone put the suffix ?masterpageoverride=/_catalogs/masterpage/seattle.master behind the URL they can see the the website with the named masterpage including the login options.
How can I arrange that the masterpage can not be overridden by anonymous visitors.
Thanks in advance.
Jeah they’re definitely not great options.. But I think none of these options really are. IIS rules are not really future proof would you want to go Office 365 some day.
Loading Javascript can be forced by using a Custom Action. The script can be added to the ScriptLink which is pretty much a mandatory control on every SharePoint MasterPage. Not saying it is the best way to go.
If it was 2010 a custom module would be the way to go, but gladly the newer IIS supports rewrites and redirects.
The JavaScript wouldn’t be reliable if they replace the masterpage as you would want it in the masterpage.
Otherwise u can build a HTTP module to change the request or last resort use a javascript to redirect back to remove the QueryString on page load.
Â
@Hugh It’s SP2013 Enterprise edition. Will try the rule, thanks for the hint!
