# Autogenerated httpd.conf file for TWiki. # Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator # We set an environment variable called blockAccess. # # Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from # including its own topics as URLs and also prevents other TWikis from # doing the same. This is important to prevent the most obvious # Denial of Service attacks. # # You can expand this by adding more BrowserMatchNoCase statements to # block evil browser agents trying the impossible task of mirroring a twiki # # Example: # BrowserMatchNoCase ^SiteSucker blockAccess # BrowserMatchNoCase ^$ blockAccess BrowserMatchNoCase ^Accoona blockAccess BrowserMatchNoCase ^ActiveAgent blockAccess BrowserMatchNoCase ^Attache blockAccess BrowserMatchNoCase BecomeBot blockAccess BrowserMatchNoCase ^bot blockAccess BrowserMatchNoCase Charlotte/ blockAccess BrowserMatchNoCase ^ConveraCrawler blockAccess BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess BrowserMatchNoCase ^EmailCollector blockAccess BrowserMatchNoCase ^EmailSiphon blockAccess BrowserMatchNoCase ^e-SocietyRobot blockAccess BrowserMatchNoCase ^Exabot blockAccess BrowserMatchNoCase ^FAST blockAccess BrowserMatchNoCase ^FDM blockAccess BrowserMatchNoCase ^GetRight/6.0a blockAccess BrowserMatchNoCase ^GetWebPics blockAccess BrowserMatchNoCase ^Gigabot blockAccess BrowserMatchNoCase ^gonzo1 blockAccess BrowserMatchNoCase ^Google\sSpider blockAccess BrowserMatchNoCase ^ichiro blockAccess BrowserMatchNoCase ^ie_crawler blockAccess BrowserMatchNoCase ^iGetter blockAccess BrowserMatchNoCase ^IRLbot blockAccess BrowserMatchNoCase Jakarta blockAccess BrowserMatchNoCase ^Java blockAccess BrowserMatchNoCase ^KrakSpider blockAccess BrowserMatchNoCase ^larbin blockAccess BrowserMatchNoCase ^LeechGet blockAccess BrowserMatchNoCase ^LinkWalker blockAccess BrowserMatchNoCase ^Lsearch blockAccess BrowserMatchNoCase ^Microsoft blockAccess BrowserMatchNoCase ^MJ12bot blockAccess BrowserMatchNoCase MSIECrawler blockAccess BrowserMatchNoCase ^MSRBOT blockAccess BrowserMatchNoCase ^noxtrumbot blockAccess BrowserMatchNoCase ^NutchCVS blockAccess BrowserMatchNoCase ^RealDownload blockAccess BrowserMatchNoCase ^Rome blockAccess BrowserMatchNoCase ^Roverbot blockAccess BrowserMatchNoCase ^schibstedsokbot blockAccess BrowserMatchNoCase ^Seekbot blockAccess BrowserMatchNoCase ^SiteSnagger blockAccess BrowserMatchNoCase ^SiteSucker blockAccess BrowserMatchNoCase ^Snapbot blockAccess BrowserMatchNoCase ^sogou blockAccess BrowserMatchNoCase ^SpiderKU blockAccess BrowserMatchNoCase ^SpiderMan blockAccess BrowserMatchNoCase ^Squid blockAccess BrowserMatchNoCase ^Teleport blockAccess BrowserMatchNoCase ^User-Agent\: blockAccess BrowserMatchNoCase VoilaBot blockAccess BrowserMatchNoCase ^voyager blockAccess BrowserMatchNoCase ^W3C blockAccess BrowserMatchNoCase ^w3search blockAccess BrowserMatchNoCase ^Web\sDownloader blockAccess BrowserMatchNoCase ^WebCopier blockAccess BrowserMatchNoCase ^WebDevil blockAccess BrowserMatchNoCase ^WebSec blockAccess BrowserMatchNoCase ^WebVac blockAccess BrowserMatchNoCase ^Webwhacker blockAccess BrowserMatchNoCase ^Webzip blockAccess BrowserMatchNoCase ^Wells blockAccess BrowserMatchNoCase ^WhoWhere blockAccess BrowserMatchNoCase www\.netforex\.org blockAccess BrowserMatchNoCase ^WX_mail blockAccess BrowserMatchNoCase ^yacybot blockAccess BrowserMatchNoCase ^ZIBB blockAccess BrowserMatchNoCase ^$ blockAccess RedirectMatch /twiki/?$ http://localhost/cgi-bin/twiki/view$1 RedirectMatch /twiki(/([A-Z].*)?)?$ http://localhost/cgi-bin/twiki/view$1 # The ScriptAlias defines the bin directory as a directory where CGI # scripts are allowed. # The first parameter will be part of the URL to your installation e.g. # http://my.co.uk/twiki/bin/view/... # The second parameter must point to the physical path on your disc. #ScriptAlias /twiki/bin "/var/lib/twiki/bin" # The Alias defines a url that points to the root of the twiki installation. # It is used to access files in the pub directory (attachments etc) # It must come _after_ the ScriptAlias. Alias /twiki/pub "/var/www/twiki/pub" # This specifies the options on the TWiki scripts directory. The ExecCGI # and SetHandler tell apache that it contains scripts. "Allow from all" # lets any IP address access this URL. BrowserMatchNoCase ^$ anonymous_spider # Now set default access rights. Order Allow,Deny Allow from all Deny from env=blockAccess # Authentication type (htpasswd file) (comment out this if you configure htpasswd / LDAP support) AuthUserFile /var/lib/twiki/data/.htpasswd AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.' AuthType Basic # File to return on access control error (e.g. wrong password) ErrorDocument 401 /cgi-bin/twiki/view/TWiki/TWikiRegistration Options +ExecCGI +FollowSymLinks SetHandler cgi-script AllowOverride all Allow from all Order Deny,Allow Deny from all Allow from 127.0.0.1 # Require user TWikiGuest Require user %CONFIGUSER% # Satisfy Any require valid-user # This sets the options on the pub directory, which contains attachments and # other files like CSS stylesheets and icons. AllowOverride None stops a # user installing a .htaccess file that overrides these options. # Note that files in pub are *not* protected by TWiki Access Controls, # so if you want to control access to files attached to topics you need to # block access to the specific directories same way as the ApacheConfigGenerator # blocks access to the pub directory of the Trash web Options None AllowOverride None Order Allow,Deny Allow from all Deny from env=blockAccess # This line will redefine the mime type for the most common types of scripts AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi # #add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate # reducing the load on the server significantly #IF you can, you should enable this - it _will_ improve your twiki experience, even if you set it to under one day. # you may need to enable expires_module in your main apache config #LoadModule expires_module libexec/httpd/mod_expires.so #AddModule mod_expires.c # # # ExpiresActive on # ExpiresDefault "access plus 11 days" # # # # Security note: All other directories should be set so # that they are *not* visible as URLs, so we set them as =deny from all=. # protect it in case its still there. deny from all