Blog Sections Open
Blocking Direct Access to Selected Resources with a Plugin
A simple plugin pattern for pages that should be reachable only through a controlled workflow, not by direct URL entry.
Some pages in Evolution CMS should not be open to arbitrary direct visits. A typical example is an intermediate action page such as add.html that is meant to be reached only from a specific frontend flow.
Core plugin pattern
if ($modx->event->name != 'OnLoadWebDocument') return;
$ids = explode(',', $ids);
if (!in_array($modx->resource->id, $ids)) return;
if (empty($constant_name)) return;
if (!defined($constant_name)) {
$modx->sendForward($modx->getOption('error_page'));
}This checks whether the current document is one of the protected IDs and whether a required condition has been established before access is allowed.
Why this works
It is a lightweight way to enforce route-level rules without redesigning the whole site architecture. If the condition is missing, the page behaves like an invalid request and forwards to the error page.
What to watch for
- Keep the condition explicit and easy to trace.
- Do not rely on hidden query parameters alone for sensitive workflows.
- Make sure the protected page still fails gracefully for unexpected visitors.
For small controlled flows in Evo, this is often enough. For stronger security boundaries, combine it with proper user-group protection or server-side authorization checks.
Fixing index-ajax.php 404 Errors in Evolution CMS AJAX Flows
How to troubleshoot AJAX requests that target index-ajax.php and fail with 404 errors even though the frontend page itself still loads normally.
Adding Organization Microdata to an Evolution CMS Site
How to add schema.org Organization microdata to an Evolution CMS template without turning the markup into an unreadable SEO patchwork.