Hi,
I have a SP2013 farm with public facing websites. These websites got their own branding and have the site lockdown feature enabled (anonymous access). But when someone put the suffix ?masterpageoverride=/_catalogs/masterpage/seattle.master behind the URL they can see the the website with the named masterpage including the login options.
How can I arrange that the masterpage can not be overridden by anonymous visitors.
Thanks in advance.
(Visited 23 times, 1 visits today)
Otherwise u can build a HTTP module to change the request or last resort use a javascript to redirect back to remove the QueryString on page load.
(Visited 1 times, 1 visits today)
