Drupal custom URL rewriting - Change the admin url to enhance security

Mon, 03/10/2008 - 16:02 — Davy Van Den Bremt

The following tip can be used in multiple scenarios (being anywhere you need custom URL rewriting and want to do this without .htaccess), but I'll illustrate it for two specific purposes.

At our company all urls beginning with /admin are blocked from outside by a firewall for content security reasons. This sucks, because Drupal administration is done on pages with a /admin url. So we need to find a way to rewrite all of the urls to something like /config (or something else).
If someone knows your site is on Drupal, this gives him some knowledge on how the site is structured. For example does he know that all administration is done on /admin. To make it harder to guess this url, we want to rename it.

Both of these cases can be tackled by one hook (custom_url_rewrite) in Drupal that has to be specified in the settings.php file. You can find a descent explanation of how this hook works in the Drupal API.

In the following example I rewrite all admin urls to config (and vice versa).

function custom_url_rewrite($op, $result, $path) {

  if ($op == 'alias') {

    if (preg_match('|^admin(/{0,1}.*)|', $path, $matches)) {

      return 'config'. $matches[1];

    }

  }

  if ($op == 'source') {

    if (preg_match('|^config(/{0,1}.*)|', $path, $matches)) {

      return 'admin'. $matches[1];

    }

  }

  return $result;

}

Comments

Mon, 06/15/2009 - 13:41 — Anonymous (not verified)

Examples for Drupal 6 using

Examples for Drupal 6 using custom_url_rewrite_outbound and custom_url_rewrite_inbound

function custom_url_rewrite_outbound(&$path, &$options, $original_path) {

  global $user;

  if (preg_match('|^admin(/.*)|', $path, $matches)) {

    $path = 'administration'. $matches[1];

  }

  if ($path == 'admin') {

    $path = 'administration';

  }

  if (preg_match('|^user(/.*)|', $path, $matches)) {

    $path = 'usr'. $matches[1];

  }

  if ($path == 'user') {

    $path = 'usr';

  }

}

function custom_url_rewrite_inbound(&$result, $path, $path_language) {

  global $user;

  if (preg_match('|^administration(/.*)|', $path, $matches)) {

    $result = 'admin'. $matches[1];

  }

  if ($path == 'administration') {

    $result = 'admin';

  }

  if (preg_match('|^usr(/.*)|', $path, $matches)) {

    $result = 'user'. $matches[1];

  }

  if ($path == 'usr') {

    $result = 'user';

  }

}

Fri, 05/01/2009 - 19:27 — Anonymous (not verified)

for drupal 6 use these as

for drupal 6 use these as examplse for your sites/****/settings.php
note that it also redirects admin to 404 if you don't want anyone to access admin anymore

function custom_url_rewrite_outbound(&$path, &$options, $original_path) {
if (preg_match('|^admin(/{0,1}.*)|', $path, $matches)) {
$path = 'config'. $matches[1];
}
}

function custom_url_rewrite_inbound(&$result, $path, $path_language) {
if (preg_match('|^config(/{0,1}.*)|', $path, $matches)) {
$result = 'admin'. $matches[1];
}

if (preg_match('|^admin(/{0,1}.*)|', $path, $matches)) {
$result = '404'. $matches[1];
}
}

Fri, 05/01/2009 - 13:16 — Anonymous (not verified)

Thanks

Your max-allowed_packet=32M on your other page saved my from some hairpulling and this article rocks too. Thanks x20.

Wed, 03/18/2009 - 03:15 — Zoran (not verified)

Fantastic post. Bookmarked

Fantastic post. Bookmarked this site and emailed it to a few friends, your post was that great, keep it up.

Tue, 02/17/2009 - 18:53 — Anonymous (not verified)

Drupal 6 - custom_url_rewrite

How would you go about doing the same URL rewrite using the new fucntions in D6?

ie. custom_url_rewrite_inbound and custom_url_rewrite_outbound

Sat, 12/13/2008 - 00:05 — Davy Van Den Bremt

Sun, 09/21/2008 - 13:07 — Davy Van Den Bremt

Drupal coder