By instantgeek on

Hey all,

I've got a question for you Drupal gurus out there.

I have Drupal 5 multisite set up and I'm digging it. However, I would like to be able to "hide" certain urls from being accessible from the other domains. Since all domains point to my public_html directory, if I make a directory /some/dir under public_html, it will be accessible both via domain1.tld/some/dir and domain2.tld/some/dir, even if i intended it to be accessible only from the first one.

What I would like to be able to do, is to add /some/dir under the /sites/domain1.tld/ directory and have it automatically show up only when accessed via that domain (as domain1.tld/some/dir), much in the same way that /sites/domain1.tld/modules/ are only visible for that site.

How could this be done?

Categories: Drupal 5.x

Comments

instantgeek’s picture

instantgeek commented

Anyone?

Leeteq’s picture

Leeteq commented

Not sure if you could tweak Taxonomy_access to do something like that.
Maybe this requires its own new module, not sure.

But have you thought about using the Organic Groups (OG) module as an alternative?
(ps. OG has still some security issues to address, in particular one that lets people see groups they are not member of. About to be fixed, I think, but you better check its reported issues queue.)

Warning:
Multi-site setup will still have serveral "issues" where misc. contributed modules either create conflicts or open up security holes, as not all contributed modules are made with multi-site setup in mind, especially securitywise. I can imagine that with all the issues still unaddressed in stand-alone Taxonomy_access and OG (and how long it has taken to get to the level of security and "bug free" state we have today), security will be at even greater risk in a multi-site setup for still a significant time to come. (months/1-2 years?...)

.
--
( Evaluating the long-term route for Drupal 7.x via BackdropCMS at https://www.CMX.zone )

instantgeek’s picture

instantgeek commented

I thought I'd share how I eventually solved this, in case anyone is interested.
I did a multi-site install so that each site has it's own root folder. Drupal core, modules and themes are in their own folder that is not directly accessible from the web, but is rather referenced from the individual sites' root folders via symlinks. In addition to solving the aforementioned problem, it is also a more secure way to install multisite. Works great so far.

Detailed instructions on how to do this are available on Justin Hileman's blog:
http://justinhileman.info/blog/2007/06/a-more-secure-drupal-multisite-in...