Drupal 6 <front>/node lists all nodes (unwanted)

Question

Going to http://site/node without specific node id lists every node, some of which are private user messages, etc. How can I restrict access to this path? Shouldn't it trigger 404?

Answer 1

http://site/node is the default front page view for a Drupal site.

If you want to control what's shown there, you probably want to use Views and/or Panels.

As mentioned by @yitznewton, you'll also need to look at some kind of explict access control - relying on people never guessing URLs is a technique that's going to fail pretty quickly. If you're using CCK then the features are already there, waiting for you to use them. Otherwise, have a search round on Drupal.org to see some of the options.

Answer 2

To restrict access to http://example.com/node you can create really small and simple custom module. Easy instructions on how to create a simple module can be found at http://drupal.org/node/416986.

Adding the following code to your .module file will trigger the 404 (by the drupal_not_found):

/**
 * Implementation of hook_menu().
 */
function MODULENAME_menu() {
  $items = array();

  // Disable the default /node front page.
  $items['node'] = array (
    'title' => 'node',
    'page callback' => 'drupal_not_found',
    'access callback' => TRUE,
    'type' => MENU_CALLBACK,
  );

  return $items;
}

Be sure to replace "MODULENAME" with the name you chose for the module.

Answer 3

That's just the front page, in my installs at least; uncheck "promoted to front" on your nodes, or modify your page-front.tpl.php

Also, if some of your nodes are private, you need some kind of access control, or the nodes will be accessible by trying random IDs