Change the admin url in Drupal to enhance security
The following tip can be used in multiple scenarios (being anywhere you need custom URL rewriting and want to do this without .htaccess), but I'll illustrate it for two specific purposes.
Usually at our company all urls beginning with /admin are blocked from outside by a firewall for content security reasons. This sucks, because Drupal administration is done on pages with a /admin url. So we need to find a way to rewrite all of the urls to something like /config (or something else).
If someone knows your site is on Drupal, this gives him some knowledge on how the site is structured. For example does he know that all administration is done on /admin. To make it harder to guess this url, we want to rename it. Both of these cases can be tackled by one hook (custom_url_rewrite) in Drupal that has to be specified in the settings.php file. You can find a descent explanation of how this hook works in the Drupal API.
In the following example I rewrite all admin urls to config (and vice versa).
if ($op == 'alias') {
if (preg_match('|^admin(/{0,1}.*)|', $path, $matches)) {
return 'config'. $matches[1];
}
}
if ($op == 'source') {
if (preg_match('|^config(/{0,1}.*)|', $path, $matches)) {
return 'admin'. $matches[1];
}
}
return $result;
}
