Hi,
I have an SP2013 farm with public-facing websites. These websites have their own branding and have the site lockdown feature enabled (anonymous access). But when someone puts the suffix ?masterpageoverride=/_catalogs/masterpage/seattle.master behind the URL, they can see the website with the named masterpage, including the login options.
How can I arrange that the masterpage cannot be overridden by anonymous visitors?
Thanks in advance.
The only way I can think of is to create a rule to disallow it. Is it 2013 or 365?
Ideally you would make an IIS rule to redirect any page with that override in the URL and redirect it to the home page.
For more information, look up the IIS rewrite module.
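
A sketch of the kind of rule suggested in the reply above, added here as an example and not posted by anyone in the thread. It assumes the IIS URL Rewrite module is installed and that the fragment is merged into the web application's web.config; the rule name and the redirect target "/" are illustrative choices.

```xml
<!-- Added example: goes inside <system.webServer> of the site's web.config. -->
<rewrite>
  <rules>
    <!-- Rule name is an arbitrary label chosen for this example. -->
    <rule name="BlockMasterPageOverride" stopProcessing="true">
      <!-- Apply to every path; the decision is made on the query string. -->
      <match url=".*" />
      <conditions>
        <!-- The query string is URL-decoded before matching so that a
             percent-encoded spelling of the parameter name is also caught.
             The pattern anchors on the start of the query string or on "&"
             so only a parameter named masterpageoverride matches.
             Condition matching is case-insensitive by default. -->
        <add input="{UrlDecode:{QUERY_STRING}}"
             pattern="(^|&amp;)masterpageoverride=" />
      </conditions>
      <!-- Send the visitor to the home page and drop the original query
           string so the override parameter is not carried along. -->
      <action type="Redirect" url="/" appendQueryString="false"
              redirectType="Found" />
    </rule>
  </rules>
</rewrite>
```

As written, the rule applies to every request on the site, so authenticated users lose the override as well; restrict it to the anonymous (internet) zone web application if editors still need the parameter.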