All public facing Sharepoint sites and Sharepoint intranet in some instance are configured to allow anonymous access.  If anonymous users have read/write access to lists they will be able to see the Sharepoint list pages such as AllItems.aspx, Dispform.aspx, Editform.aspx, and Newform.aspx by using a URL like . Since this is not a desirable situation, anonymous users should be blocked from seeing the list pages. This can be achieved by changing the ASP.Net configuration settings for the Sharepoint site.   Following lines have to be added to the web.config file of the Sharepoint site

 

<location path="lists">
   <system.web>
     <authorization>
       <deny users="?" />
     </authorization>
   </system.web>
 </location>

This will prevent the anonymous users from accessing any pages under Lists. If they try to navigate to a list page such as http://server/lists/listname/allitems.aspx they will be prompted for username and password.