Security Issue - hiding login portal with custom domain whilst keeping custom domain for links

Your software
My Mautic version is: 2.16.0
My PHP version is: 7.1.32-1+0~20190902.23+debian9~1.gbp9d1be7

Your problem
My problem is: I posted this before and it seems to have disappeared. When I use a custom domain for mautic, let’s say m.demo.com when you go there you get the login portal for Mautic.

Issue is I want custom domains for my links but what to stop people accessing the login portal by cutting the link down.

For example client clicks link and goes to m.demo.com/84€3929 all hunky dory. But a client curting it off goes to m.demo.com/ then sees my mautic portal, not my site.

I really need a solution on this. Cant have the login portal open to all an sundry!

These errors are showing in the log: None

Steps I have tried to fix the problem: Not sure how to do this. Hence the question.

Thanks team

Prim

Hi there,

Take a look at this setting in your config: