When you create a Publishing site that has anonymous access enabled, you will notice that anonymous users will not be able to access pages that reside in the “_layouts” virtual directory (e.g. http://siteX/_layouts/viewlsts.aspx). This is because the publishing infrastructure activates a hidden feature that prevents anonymous users from accessing these types of pages. However, if you were to create a site collection based of  Blank Site Template, you would notice that these pages are accessible by anonymous users.

The fix is quite simple. There is a hidden feature that you would need to manually activate via stsadm. The feature is called “ViewFormPagesLockDown” (and is available in the Features folders in the 14 hive)

To activate it:

stsadm -o activatefeature -filename ViewFormPagesLockDown\feature.xml -url http://ServerName

Once activated anonymous users will be promoted to enter credentials when they try to access form and application pages.

The feature can also be deactivated for publishing sites that have it automatically turned on.