Restricting access to contents in “_vti_bin” for anonymous users in SharePoint

Restrict SharePoint web services for anonymous user are important because accidentally google search engine or any other search engine might crawl that URL of your site, that is happening for one of our sites.

The problem is these URL such as SiteData.asmx disposes lot of information which exposes every page of our SharePoint site and we don't want to expose data to anonymous .

All web services which every SharePoint site use them are resides at "C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\ISAPI", which is mapped as a virtual folder "/_vti_bin"

So we can restrict them in web.config file easily like this example:

<location path="_vti_bin">
    <system.web>                 
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

Thanks to "The Soldier of Fortune" we can find plenty of detailed in their post.

You can find that post by clicking here.