I have had the same problem as described in TWiki:Support.ConfigureAuthentication
- I cannot access the configure script. I have found the problem.
It is a problem in the .htaccess template - more specifically, the line "Allow from 127.0.0.1, 184.108.40.206".
I have found that separating IP numbers with a comma (e.g. 127.0.0.1, 220.127.116.11) caused failure to authenticate. Separating with spacebar (127.0.0.1 18.104.22.168) worked. You can also do wildcards, e.g. "198.186." will actually work (good for dialup modem users or non-static IPs).
So maybe someone should edit the bin/.htaccess template (for the next release) and remove the comma.
While someone is editing that template, they may want to make another improvement. The area regarding anonymous_spider could include a more comprehensive list of browser agents from TWiki:TWiki.ApacheConfigGenerator
. Below is what I am using successfully:
# We set an environment variable called blockAccess
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a twiki
# BrowserMatchNoCase ^SiteSucker blockAccess
# BrowserMatchNoCase ^$ blockAccess
# This list is from http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator
#Block access from badly behaving robots and site sucking type programs.
BrowserMatchNoCase ^SiteSucker blockAccess
BrowserMatchNoCase ^iGetter blockAccess
BrowserMatchNoCase ^larbin blockAccess
BrowserMatchNoCase ^LeechGet blockAccess
BrowserMatchNoCase ^RealDownload blockAccess
BrowserMatchNoCase ^Teleport blockAccess
BrowserMatchNoCase ^Webwhacker blockAccess
BrowserMatchNoCase ^WebDevil blockAccess
BrowserMatchNoCase ^Webzip blockAccess
BrowserMatchNoCase ^Attache blockAccess
BrowserMatchNoCase ^SiteSnagger blockAccess
BrowserMatchNoCase ^WX_mail blockAccess
BrowserMatchNoCase ^EmailCollector blockAccess
BrowserMatchNoCase ^WhoWhere blockAccess
BrowserMatchNoCase ^Roverbot blockAccess
BrowserMatchNoCase ^ActiveAgent blockAccess
BrowserMatchNoCase ^EmailSiphon blockAccess
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
BrowserMatchNoCase ^$ blockAccess
# Now set default access rights.
Allow from all
Deny from env=blockAccess
- 06 Feb 2007
Thanks Eric. I made the modifications, is now in MAIN and Patch04x01 branches. Rather than listing all spiders I added a pointer to TWiki:TWiki/ApacheConfigGenerator
because that list will change over time.
- 06 Feb 2007
- 07 Feb 2007
Closed with release of 4.1.2