# bin/.htaccess.txt # # Controls access to TWiki scripts - to make Apache use it, rename this # file to '.htaccess' and REPLACE THE FOLLOWING STRINGS WITH PATHS # SPECIFIC TO YOUR INSTALLATION. Most required values can be seen in the # Path Settings section of =configure=. # # {DataDir} # Get the value from =configure= # {DefaultUrlHost} # Get the value from =configure= # {ScriptUrlPath} # Get the value from =configure= # {Administrators} # Space-separated list of the login name(s) of the person(s) allowed # to run the configure script # We set an environment variable called anonymous_spider # Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from # including its own topics as URLs and also prevents other TWikis from # doing the same. This is important to prevent the most obvious # Denial of Service attacks. # You can expand this by adding more BrowserMatchNoCase statements to # block evil browser agents trying the impossible task of mirroring a twiki # Example: # BrowserMatchNoCase ^SiteSucker anonymous_spider BrowserMatchNoCase ^$ anonymous_spider # Now set default access rights. Order Allow,Deny Allow from all Deny from env=anonymous_spider # Use CGI & Perl to handle all files in 'bin' directory, i.e. run as scripts # - this should remove the need to rename files to end in '.pl' etc, # if your web hosting provider permits this. Remove if using mod_perl. SetHandler cgi-script # Password file for TWiki users # # Authentication type (htpasswd file) (comment out this if you configure htpasswd / LDAP support) AuthUserFile {DataDir}/.htpasswd AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.' AuthType Basic #for htdigest password suport uncomment the following #AuthDigestDomain {DefaultUrlHost}{ScriptUrlPath}/viewauth {DefaultUrlHost}{ScriptUrlPath}/edit {DefaultUrlHost}{ScriptUrlPath}/preview {DefaultUrlHost}{ScriptUrlPath}/save {DefaultUrlHost}{ScriptUrlPath}/attach {DefaultUrlHost}{ScriptUrlPath}/upload {DefaultUrlHost}{ScriptUrlPath}/rename {DefaultUrlHost}{ScriptUrlPath}/manage {DefaultUrlHost}{ScriptUrlPath}/installpasswd {DefaultUrlHost}{ScriptUrlPath}/passwd #AuthDigestFile {DataDir}/.htdigest # For "Digest" authentication to work properly, this string must match # the value of configuration variable $authRealm #AuthName 'Enter your WikiName. (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.' #AuthType Digest #for LDAP password support uncomment the following (and fix up the paths) #AuthLDAPURL ldap://yourldapserver/dc=yourldapserver,dc=com?uid?sub?(objectClass=posixAccount) #AuthLDAPGroupAttribute memberUid #AuthLDAPGroupAttributeIsDN off # # require group cn=mygroup,ou=groups,dc=yourldapserver,dc=com # #AuthName ByPassword #AuthType Basic # File to return on access control error (e.g. wrong password) # By convention this is the TWikiRegistration page, that allows users # to register with the TWiki. Apache requires this to be a *local* path. ErrorDocument 401 {ScriptUrlPath}/view/TWiki/TWikiRegistration # Turn off directory indexing in this and sub directories Options -Indexes SetHandler blabla allow from all # configure should be restricted to a small number of users require user "{Administrators}" # These are scripts that might change content. The regular expression uses ".*" # at the end so it matches the scripts even if you had to add a .cgi or .pl # extension. If you want to require login for any other scripts, modify the # regular expression below as appropriate. # NB. The resetpasswd & passwd scripts are used to reset and change passwords. # They do their own validation of the user and therefore # should not use "require valid-user" require valid-user