I do not want rather clever users to my site to access URLs like

www.drupal.org/cron.php

or

www.drupal.org/node/add

How can I disable these?

Comments

mdlueck’s picture

"Each cron task maintains its own schedule for updating various things such as serach and aggregator tasks, so the tasks themselves are run only on the first call would trigger all the scheduled tasks set to run, but then the second and subsequent calls to cron.php would return having done nothing."

But if you would like to prevent cron from being run from a web browser add this to your apache httpd.conf file:


Order deny,allow
Deny from all
Allow from 127.0.0.1

This code makes it so that ONLY the server can run cron.php"

Change the IP address for the specific IP of your server.

/node/add means that they are logged in and have permission to create nodes. Otherwise they would not be able to access that URL. User account creation can be set to "admins only" and user permissions / group permissions can be adjusted through the admin interface. Thus, I think you need to do a bit of digging for that question, or clarify exactly what you are asking.

moking’s picture

Users are allowed to create content.

Nevertheless, I do not want them to see the page /node/add which lists out all the content type that they can create.

Most of them will never reach there anyway, because there is no link to /node/add provided anywhere in the site.

But, clever users might want to take a look under the hood, getting the scent that the site is based on Drupal. I do not want them to see a page like drupal.org/node/add at all.

If they want to create content, I have given them paths to create page or story via traditional menu based links.

How can I hide the page /node/add ?

coreyp_1’s picture

Create a page, give it the url alias "node/add", and then put whatever you want to in the body.

- Corey

moking’s picture

Yippee! Thanks!

But is there a way to show "Not Authorized" for this url?

coreyp_1’s picture

http://api.drupal.org/api/function/drupal_access_denied

global $user;

if ($user->uid != 1 && arg(0) == 'node' && is_numeric(arg(1)) && !arg(2)) {
  // do this *only* when trying to access the node/add page
  drupal_access_denied();
}
else {
  if ($user->uid == 1) {
    // user is site admin, show normal node/add screen
    print node_add();
  }
  else {
    // this is probably showing up in a views list or something
    print "Access Denied";
  }
}

Put this code into a page, enable the PHP filter, and you should be good to go.

Standard warnings apply: I'm coding off the top of my head, and didn't test the code. Not responsible if your computer melts.

- Corey

coreyp_1’s picture

I thought of an easier way. Just put this code in the body:

  print node_add();

Enable the PHP filter and Unpublish the Page.

Since the page will be unpublished, the "Access Denied" will be automatically supplied by Drupal, and only users with administration permissions will be able to see it.

BTW, I know it's generally bad form to reply to your own comments, but I didn't want to just edit my previous post. It is a good idea that may serve other situations as well, so I wanted to leave it up.

- Corey

watbe’s picture

I seem to get this problem when I try it:

Fatal error: Call to undefined function node_add() in /home/wondtsa3/public_html/modding-planet.com/includes/common.inc(1547) : eval()'d code on line 2

Drupal version 6.6

coreyp_1’s picture

Yeah... D6 completely changed the way that this is done. Try this version instead:


  $item = menu_get_item('node/add');
  $content = system_admin_menu_block($item);
  return theme('node_add_list', $content);

- Corey

watbe’s picture

Thank you very much for that, works beautifully =)

coreyp_1’s picture

cron.php - re-name it to something else. It's an actual file, so it is not parsed by the Drupal system.

node/add - people should only have access to this page if you have already given them permission to create content.

- Corey

moking’s picture

Interesting renaming trick! Thanks corey.

artwork’s picture

I want to show 404 page not found when ppl go to example.com/node which show list of "promote to front" node. How can I accomplish this ?

kbk’s picture

Using the Rules and the Path Rules modules will allow you to construct a rule that checks if the URL of interest is going to be viewed and then issue a redirect.