My entire forum is login-only. Yet in the dashboard, I see some anonymous page views accumulating, and they don’t seem to be from 404s (I’d really like to remove the footer from the Discourse “page does not exist or is private” page and leave it on all the other pages) or the login page. What could account for these anonymous views on a system where anonymous access is not permitted? Thanks!
The login page? /privacy?
1 Like
I experimented with those. They didn’t seem to increment the anon count when accessed when not logged in. However, I’m surprised they are accessible at all when not logged in. Same for terms of service. When I say “no access when not logged in” I intend that to cover all pages! In my case Terms of Service and Privacy just have a link to the same privacy policy page that is the footer of all pages. And that footer shows up on the Discourse 404/private page too. But are there other supposedly “secure” pages that are accessible without being logged in? Why are these pages being accessible without login not a security violation? Thanks.
This brings up the obvious question, how do I prevent the privacy, terms of service and ALL other pages other that login from being displayed to non-logged in users? If I can kill the footer on the 404/private page, all the better. Thanks.