CMS prefix for URL to avoid top-level URLs being reserved for Concrete5

Permalink 5 2 Browser Info Environment
Where Concrete5 is used as a public facing CMS with pretty URLs where all maintenance occurs from internally Concrete5 still reserves commercially valuable URLs. I cannot underline enough how commercially sensitive urls like /account are.

For instance:

/dashboard
/login
/register
/account

These URLs should be usable by the end-user for their own pages/systems.

I propose all admin URLs such as the above AND:

!drafts
!trash
!stacks

Should be under an additional path element. This path element should be user-defined through the admin pages. This provides a minor security advantage (remembering that obscurity is not security) as different websites will not necessarily be running the same URLs. It additionally allows easier securing admin access on the CMS by only requiring a single rule in server configurations (such as Apache).

Thus we could specify all C5 admin should be under /cms of our website. Thus our own website (with pretty urls) can usehttp://example.com/login and Concrete5 usehttps://example.com/cms/login...or... evenhttps://example.com/8cf3ee9/login...

Thus instead of replacing index.php with nothing, the pretty URLs can replace it with an optional prefix.


Status: New

concrete5 Environment Information

# concrete5 Version
Core Version - 8.5.1
Version Installed - 8.5.1
Database Version - 20190301133300

# concrete5 Packages
BSIP IRP (0.0.3), CoreBSP Catalyst theme. (0.2.5)

# concrete5 Overrides
blocks/feature/form.php, blocks/feature/view.php, blocks/feature, blocks/search/view.php, blocks/search, blocks/page_title/form_add_edit.php, blocks/page_title

# concrete5 Cache Settings
Block Cache - On
Overrides Cache - On
Full Page Caching - On - If blocks on the particular page allow it.
Full Page Cache Lifetime - Every 1440 minutes.

# Server Software
Apache

# Server API
fpm-fcgi

# PHP Version
7.3.11

# PHP Extensions
cgi-fcgi, Core, ctype, curl, date, dom, fileinfo, filter, gd, hash, iconv, json, libxml, mbstring, mysqli, mysqlnd, openssl, pcntl, pcre, PDO, pdo_mysql, Phar, posix, readline, Reflection, session, SimpleXML, SPL, standard, tokenizer, xml, xmlreader, xmlwriter, zip, zlib

# PHP Settings
max_execution_time - 30
log_errors_max_len - 1024
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 60
max_input_vars - 1000
memory_limit - 128M
post_max_size - 8M
upload_max_filesize - 200M
mbstring.regex_stack_limit - 100000
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - <i>no value</i>
session.gc_maxlifetime - 7200

Browser User-Agent String

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36