Let's say you have a internet facing web site in SharePoint Foundation (because it is cheaper :-)). Obviously, you have anonymous access enabled so that site is accessible without the need of log in. But at the same time you don't want public users to access back-end pages like _layouts, _catalogs, view all site content and see information that they should not.
We already know that SharePoint has a feature called ViewFormPagesLockDown which can be turned on to make back-end pages inaccessible to anonymous users. It is available in SharePoint 2007 and also in 2010 version. However, unfortunately it is not available in SharePoint 2010
Foundation version. So what should you do... Here is the solution... There is a custom feature created which you can download from
here. Deploy this in your environment and then turn on the feature using stsadm or powershell.
$lockdown = get-spfeature viewformpageslockdown
enable-spfeature $lockdown -url http://sitecollectionURL
If anonymous is already setup, you may need to disable\re-enable anonymous on the site.