Clean_URL / Multiple instances

I have a requirement to prevent access to most of the crm content from outside access (internet). Only very specific urls should be accessible e.g.

Any web application firewall can only work with Clean URLs.
clean url example:https://fqdn/ConfirmOptIn/index.php?from=*

As suitecrm does not provide clean URLs I wonder hot to archive that.
There are 2 possible options:
1: Tow independent instances, frontend (with access to the internet) and another backend (without any external access).

The frontend should only contain data required for the 2 specific modules and somehow being synced to backend .

2: A module e.g. URL-router that provides clean code interface for suitecrm.

Does one of them exist already?

Any acl solution within crm isn’t an option as this access prevention system has to be independent from crm-system.

Interesting requirement…

Can you work with .htaccess on SuiteCRM side?

What I am imagining is that you change the URL’s on your campaign emails to be “clean” forms of the current URL’s.

Then the .htaccess rewrites them and SuiteCRM gets them as usual.


I though about mod rewrite already but I’ve no root access to the servers. However, access to .htacces is something I probably can request.

Even if so, some links especially unsubscribe are generated by suitecrm and cannot be modified by .htacces as they are published via email.

Yes I think in any case you would have to do some custom code, still, I hoped it would be a lot less complicated than this two instance solution:

I’ve almost done it as recommencement with .htacces.

added below the existing rules:
RewriteRule ^public/campaign_trackerv2/([^/]*)/([^/]*)$ index.php?entryPoint=campaign_trackerv2&track=$1&identifier=$2 [L] RewriteRule ^public/removeme/([^/]*)$ index.php?entryPoint=removeme&identifier=$1 [L] RewriteRule ^public/ConfirmOptIn/([^/]*)$ index.php?entryPoint=ConfirmOptIn&from=$1 [L]

The URL’s for tracker and ConfirmOptIn can easily be modified in the email template. However, as Opt out (index.php?entryPoint=removeme) seems to be hard coded. I’ve no idea how the modify this, especially as I have do replace the full fqdn and just add the $emailaddress_confirm_opt_in_token.

I can add this to the template of course, but then, as I do use {Remove}, the default footer Out-out will be added automatically.

Nice progress!

About the removeme, I don’t know a proper answer but I can suggest an approach. Work from this list:


Ignore the entries in test/ directories.

Try changing that removeme string on each of those one by one, and see which one makes a difference for what you need. Once you have that information I can try hleping you further, see if that part of the code is customizable, etc.