Vish Apte
In our big NSW site (at 10.7.1), we block administrator access at the external load balancer using a more finely grained set of blacklisted portaladmin paths - current set is:
*/portaladmin/federation*
*/portaladmin/exportSite*
*/portaladmin/importSite*
*/portaladmin/machines*
*/portaladmin/security/config/update*
*/portaladmin/system/webadaptors*
*/portaladmin/security/sslCertificates*
*/portaladmin/security/tokens*
*/portaladmin/system/database*
*/portaladmin/system/indexer*
*/portaladmin/system/properties*
*/portaladmin/security/config/updateIdentityStore*
*/portaladmin/security/config/testIdentityStore*