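# bin/.htaccess.txt
#
# Controls access to TWiki scripts - to make Apache use it, rename this
# file to '.htaccess' and REPLACE THE FOLLOWING STRINGS WHEREVER YOU SEE
# THEM IN THIS FILE WITH PATHS SPECIFIC TO YOUR INSTALLATION.
# Most required values can be seen in the Path Settings section of
# =configure=.
#
# Replace {DataDir} with the value from =configure=
# Replace {DefaultUrlHost} with the value from =configure=
# Replace {ScriptUrlPath} with the value from =configure=
# Replace {Administrators} with a space-separated list of the login
#    name(s) of the person(s) allowed to run the configure script
#    e.g. admin root superhero
#
# NOTE(review): Order / Allow / Deny / Satisfy below are the Apache 2.2
# access-control directives. On Apache 2.4 they are only honoured when
# mod_access_compat is loaded; check this before relying on them.

# We set an environment variable called anonymous_spider
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a twiki
# Example:
# BrowserMatchNoCase ^SiteSucker anonymous_spider
#
# NOTE(review): the User-Agent header is chosen by the client, so this is a
# load filter for well-behaved or careless agents, not an access control.
BrowserMatchNoCase ^$ anonymous_spider

# Now set default access rights.
Order Allow,Deny
Allow from all
Deny from env=anonymous_spider

# Use CGI & Perl to handle all files in 'bin' directory, i.e. run as scripts
# - this should remove the need to rename files to end in '.pl' etc,
# if your web hosting provider permits this.  Remove if using mod_perl.
SetHandler cgi-script

# Password file for TWiki users
#
# Authentication type (htpasswd file) (comment this out if you configure htdigest / LDAP support)
#
# NOTE(review): Basic authentication sends the password base64-encoded, not
# encrypted, on every request. Serve the scripts over HTTPS only.
# NOTE(review): make sure {DataDir} is not reachable through the web server,
# otherwise the password hashes in .htpasswd can be downloaded.
AuthUserFile {DataDir}/.htpasswd
AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
AuthType Basic

# For htdigest password support uncomment the following
#AuthDigestDomain {DefaultUrlHost}{ScriptUrlPath}/viewauth {DefaultUrlHost}{ScriptUrlPath}/edit {DefaultUrlHost}{ScriptUrlPath}/preview {DefaultUrlHost}{ScriptUrlPath}/save {DefaultUrlHost}{ScriptUrlPath}/attach {DefaultUrlHost}{ScriptUrlPath}/upload {DefaultUrlHost}{ScriptUrlPath}/rename {DefaultUrlHost}{ScriptUrlPath}/manage {DefaultUrlHost}{ScriptUrlPath}/installpasswd {DefaultUrlHost}{ScriptUrlPath}/passwd
#AuthDigestFile {DataDir}/.htdigest
# For "Digest" authentication to work properly, this string must match
# the value of configuration variable $authRealm
#AuthName 'Enter your WikiName. (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
#AuthType Digest

# For LDAP password support uncomment the following (and fix up the paths)
# NOTE(review): an ldap:// URL carries the bind password in clear text;
# prefer ldaps:// or a TLS-protected connection to the directory.
#AuthLDAPURL ldap://yourldapserver/dc=yourldapserver,dc=com?uid?sub?(objectClass=posixAccount)
#AuthLDAPGroupAttribute memberUid
#AuthLDAPGroupAttributeIsDN off
#
#    require group cn=mygroup,ou=groups,dc=yourldapserver,dc=com
#
#AuthName ByPassword
#AuthType Basic

# File to return on access control error (e.g. wrong password)
# By convention this is the TWikiRegistration page, that allows users
# to register with the TWiki. Apache requires this to be a *local* path.
ErrorDocument 401 {ScriptUrlPath}/view/TWiki/TWikiRegistration

# Set options for executing CGI and allow symlinks for e.g. viewauth
# This also unsets any options allowing directory indexing etc.
Options ExecCGI FollowSymLinks

# Limit access to configure to specific IP addresses and or users.
# Make sure configure is not open to the general public.
# The configure script is designed for administrators only.
# The script itself and the information it reveals can be abused by
# attackers if not properly protected against public access.
#
# NOTE(review): the <FilesMatch> lines around this group were missing from
# the copy this file was restored from (they look like stripped markup).
# Without the container, "Deny from all" applies to every script in bin/.
# The pattern is reconstructed; compare it with the .htaccess.txt shipped
# with your TWiki release.
#
# NOTE(review): "Satisfy Any" means a request passes if EITHER the address
# matches OR the user is listed - listed addresses need no password. Behind
# a reverse proxy on the same host every request arrives from 127.0.0.1.
# Use "Satisfy All" to require both. The addresses are examples (entries are
# separated by spaces, not commas); replace them with your admin hosts.
<FilesMatch "^configure.*">
    SetHandler cgi-script
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.10
    Require user {Administrators}
    Satisfy Any
</FilesMatch>

# These are scripts that might change content. The regular expression uses ".*"
# at the end so it matches the scripts even if you had to add a .cgi or .pl
# extension. If you want to require login for any other scripts, modify the
# regular expression below as appropriate.
# NB. The resetpasswd & passwd scripts are used to reset and change passwords.
# They do their own validation of the user and therefore
# should not use "require valid-user"
#
# NOTE(review): the container and its regular expression were also missing
# from this copy; left bare, "require valid-user" would demand a login for
# every script, including view, passwd and resetpasswd. The pattern below is
# rebuilt only from script names mentioned in this file - take the
# authoritative list from the .htaccess.txt shipped with your release.
<FilesMatch "(attach|edit|manage|rename|save|upload|.*auth).*">
    require valid-user
</FilesMatch>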