Is there any way to disable or block access to pages/emails for private content? (/content-membership/all-domains/basics)? We don't use these, but I can see from the activity logs that people have still managed to find/access these pages and have attempted to register/log in/password reset even though there is nothing to login to.
Our security team originally flagged this as a possible vulnerability. The pages were found by a bug hunter and the assumption was that this was a log in to our CMS. I assured them that was not the case, but I am still unsure if there are any other potential risks here. If not, I do also have a slight concern that this is quite poor UX if our customers were to somehow stumble on these.
just to summarize the previous conversation you can also use a password protect page (1 password for all) that you can only give to your contacts/leads
Another option is to use smart conent with a tracking URL: this way you show the page content to people accessing from the url with the parameters you define, and other people just dont see it or see anything else.
hope this other ideas help
María Lucila Abal COO Andimol | Platinum Accredited Partner
HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24 Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor
Was the answer to this question posted? We are also trying to do the same thing within the application to prevent people from accessing pages we dont use and since the page is a reserved on, we can't implement re-directs.
For added clarity, I'm not trying to restrict access to any content. We don't have any content we wish to gate/restrict access to. I'm trying to determine if it's possible to disable the registration, log in and password reset pages set up for private content purposes, so that these cannot be found by external parties.
Thanks! As said, we don't use private content - people are finding our default template pages for registration, sign in, password e.g. /_hcms/mem/login - so I'm unsure how to apply solutions 1 and 3. For 1) we don't have an access list because we don't use the functionality at all and for 3) I can't edit the code on the default templates.
URL redirect seemed like the most viable option but I just tried that and was denied. The following message pops up -
just to summarize the previous conversation you can also use a password protect page (1 password for all) that you can only give to your contacts/leads
Another option is to use smart conent with a tracking URL: this way you show the page content to people accessing from the url with the parameters you define, and other people just dont see it or see anything else.
hope this other ideas help
María Lucila Abal COO Andimol | Platinum Accredited Partner
HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24 Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor
Hello @helen_c, thank you for posting in our Community!
Thank you for bringing this concern to our attention. I understand the importance of maintaining security and ensuring a smooth user experience for our customers.