Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By darnit78 on
I noticed today that I had a permission issue that let someone add a content type to our web site. I have code in the .htaccess file that blocks access to the /user and /admin folders from outside our intranet so that people cannot access our admin pages from the general internet.
I hoped to block /node also, but found that restricts too much. I.E., the Registration mode uses /node/9 (for example) when creating a registration.
What other /node folders would be good to block without blocking general content?
Comments
I noticed today that I had a
I believe you're talking about content and not content types .. Because to add a content type you'd have to access a path under admin/* ..
All the "admin" node paths I know about are:
node/add/*
node/*/edit
node/*/delete
I really hope, that you didn't mean that anonymous users were able to add nodes on your system, because if so .. then there is something really wrong with your site. :-)
I like cookies!