twiki_httpd_conf.txt
author Colas Nahaboo <colas@nahaboo.net>
Sat, 26 Jan 2008 15:50:53 +0100
changeset 0 414e01d06fd5
child 1 e2915a7cbdfa
permissions -rw-r--r--
RELEASE 4.2.0 freetown
     1 # Example httpd.conf file for TWiki.
     2 #
     3 # You are recommended to take a copy of this file and edit
     4 # the paths to match your installation. Then add:
     5 # include "/home/httpd/twiki/twiki_httpd.conf"
     6 # to the end of your main httpd.conf file.
     7 #
     8 # See also http://twiki.org/cgi-bin/view/TWiki.ApacheConfigGenerator
     9 # that helps you configure Apache
    10 
    # URL-to-disk mappings for TWiki.
    #
    # ScriptAlias takes the URL prefix first (it becomes part of addresses such
    # as http://example.com/twiki/bin/view/...) and the physical directory on
    # disk second. Be careful to keep the trailing / on both arguments.

    #### Edit the _second_ argument to match your local installation
    ScriptAlias /twiki/bin/ "/home/httpd/twiki/bin/"

    # Alias for the root of the TWiki installation. It is what makes files in
    # the pub directory (attachments etc) reachable, and it has to stay _below_
    # the ScriptAlias line.
    # Because the whole installation root is mapped to a URL here, the
    # "deny from all" <Directory> sections further down in this file are what
    # keep data, lib, templates and the other internal directories from being
    # served.

    #### Edit the path to match your local installation
    Alias /twiki/ "/home/httpd/twiki/"
    25 
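    # Block access to typical spam related attachments (.htm and .html files),
    # except under pub/TWiki, which is read only and does ship attached html
    # files. Uncomment the two SetEnvIf lines below if the TWiki is on the
    # public Internet. The trailing [lL]? is what makes the pattern cover
    # .html as well as .htm.
    # NOTE(review): in this file only the <Directory> section for the bin
    # directory carries "Deny from env=blockAccess". The pub section has no
    # matching Deny, so check that section before relying on these two lines.
    #SetEnvIf Request_URI "twiki/pub/.*\.[hH][tT][mM][lL]?$" blockAccess
    #SetEnvIf Request_URI "twiki/pub/TWiki/.*\.[hH][tT][mM][lL]?$" !blockAccess

    # blockAccess is an environment variable; a section that contains
    # "Deny from env=blockAccess" refuses every request that carries it.
    #
    # Setting a BrowserMatchNoCase to ^$ (an empty User-Agent) is important.
    # It prevents TWiki from including its own topics as URLs and also
    # prevents other TWikis from doing the same. This is important to prevent
    # the most obvious Denial of Service attacks.
    #
    # You can expand this by adding more BrowserMatchNoCase statements to
    # block browser agents that try to mirror a TWiki.
    # http://twiki.org/cgi-bin/view/TWiki.ApacheConfigGenerator has a list of
    # spiders to block.
    # The User-Agent header is chosen by the client, so this reduces load from
    # careless crawlers; it is not an access control.
    #
    # Example:
    # BrowserMatchNoCase ^SiteSucker blockAccess
    BrowserMatchNoCase ^$ blockAccess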
    47 
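    # Options for the TWiki scripts directory. ExecCGI and SetHandler tell
    # Apache that it contains scripts. "Allow from all" lets any IP address
    # reach this URL; with "Order Allow,Deny" the Deny line is evaluated last,
    # so requests tagged with blockAccess are still refused.
    #
    # Order, Allow, Deny and Satisfy are the Apache 2.2 access-control
    # directives. Apache 2.4 accepts them only with mod_access_compat loaded.

    #### Change the path to match your local installation
    <Directory "/home/httpd/twiki/bin">
        AllowOverride None
        Order Allow,Deny
        Allow from all
        Deny from env=blockAccess

        Options ExecCGI FollowSymLinks
        SetHandler cgi-script

        # Password file for TWiki users. It sits in the data directory, which
        # is denied to web clients by its own <Directory> section in this file.
        #### Change the path to match your local installation
        AuthUserFile /home/httpd/twiki/data/.htpasswd
        AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
        # Basic authentication sends the password with every authenticated
        # request, base64-encoded and not encrypted. Serve the site over HTTPS
        # so that it cannot be read off the network.
        AuthType Basic

        # File to return on access control error (e.g. wrong password).
        # By convention this is the TWikiRegistration page, which lets users
        # register with the TWiki. Apache requires this to be a *local* path.
        # Comment this out if you set up TWiki to completely deny access to
        # TWikiGuest in all webs, or change the path to a static html page.
        ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration
        # Alternatively, if your users are all known to be registered, you may
        # want to send them to the ResetPassword page instead.
        # ErrorDocument 401 /twiki/bin/view/TWiki/ResetPassword

        # Limit access to configure to specific IP addresses and/or users.
        # Make sure configure is not open to the general public.
        # The configure script is designed for administrators only.
        # The script itself and the information it reveals can be abused by
        # attackers if not properly protected against public access.
        # Replace JohnDoe with the login name of the administrator and the
        # addresses on the Allow line with those of your administration hosts.
        # "Satisfy Any" admits a request that EITHER comes from a listed
        # address OR authenticates as the named user. Use "Satisfy All" if
        # both conditions should be required.
        <FilesMatch "^configure.*">
            SetHandler cgi-script
            Order Deny,Allow
            Deny from all
            Allow from 127.0.0.1 192.168.1.10
            Require user JohnDoe
            Satisfy Any
        </FilesMatch>

        # When using Apache type login the following defines the TWiki scripts
        # that make Apache ask the browser to authenticate. It is correct that
        # scripts such as view, resetpasswd & passwd are not authenticated.
        # (un-comment to activate)
        #<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|rest|.*auth).*">
        #	require valid-user
        #</FilesMatch>

    </Directory>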
   101 
   102 
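   # Options for the pub directory, which contains attachments and other files
   # like CSS stylesheets and icons. "Options None" switches off CGI execution,
   # server-side includes and directory listings here, and the PHP engine is
   # turned off below.
   # "AllowOverride Limit" (not None) lets .htaccess files under pub change
   # the host-based access rules (Order/Allow/Deny) and nothing else.

   # Note that files in pub are *not* protected by TWiki Access Controls,
   # so if you want to control access to files attached to topics, you may
   # need to add your own .htaccess files to subdirectories of pub. See the
   # Apache documentation on .htaccess for more info.
   # NOTE(review): since a .htaccess file under pub is honoured for access
   # rules, confirm that an attachment cannot be stored under that name.

   #### Change the path to match your local installation
   <Directory "/home/httpd/twiki/pub">
       Options None
       AllowOverride Limit
       Allow from all

       # NOTE(review): this section never consults blockAccess, so the
       # SetEnvIf lines for .htm/.html attachments earlier in this file block
       # nothing under pub on their own. Enabling the two lines below enforces
       # them. It also refuses attachment requests with an empty User-Agent,
       # because of the active "BrowserMatchNoCase ^$ blockAccess" line.
       #Order Allow,Deny
       #Deny from env=blockAccess

       # If you have PHP4 or PHP5 installed make sure the directive below is
       # enabled. If you do not have PHP installed you will need to comment
       # out the directive below to avoid errors.
       php_admin_flag engine off

       # If you have PHP3 installed make sure the directive below is enabled
       #php3_engine off

       # Redefine the mime type for the most common types of scripts, so they
       # are sent as plain text. This only changes the Content-Type of the
       # response. Execution is prevented by "Options None" and by the PHP
       # engine switch above.
       AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
   </Directory>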
   130 
   # Security note: none of the remaining directories should be visible as
   # URLs, so each of them is set to =deny from all=.
   # "Alias /twiki/" maps the whole installation root, so a directory added
   # under it later is served unless it gets a section of its own here.

   #### Change the paths to match your local installation
   <Directory "/home/httpd/twiki/data">
       Deny from all
   </Directory>

   <Directory "/home/httpd/twiki/lib">
       Deny from all
   </Directory>

   <Directory "/home/httpd/twiki/locale">
       Deny from all
   </Directory>

   <Directory "/home/httpd/twiki/templates">
       Deny from all
   </Directory>

   <Directory "/home/httpd/twiki/tools">
       Deny from all
   </Directory>

   <Directory "/home/httpd/twiki/working">
       Deny from all
   </Directory>