
Question

How can I secure the configure script when I do not have access to the httpd.conf file?

I tried using .htaccess but that will disallow all access to the /bin directory, making TWiki not work any longer.

The TWiki documentation says: "The configure script the tool is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication."

My webhost allows me to password protect directories only. They say I should move the configure script to another directory and protect that directory. Would that work?

Thank you for your help!

Environment

TWiki version: TWikiRelease04x01x02
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Linux 2.6.9-34.106.unsupportedsmp (x86_64-linux)
Web server: Apache/1.3.37
Perl version:  
Client OS:  
Web Browser:  
Categories: Htaccess

-- MatthiasRoeder - 07 Jun 2007

Answer

Use .htaccess to set an Allow From for your IP address, and no access from any other. See the Apache docs for how to use Allow/Deny.

-- CrawfordCurrie - 09 Jun 2007

Hi Crawford! Unfortunately this will not solve my problem. I want to protect one file in a directory that should otherwise be readable by everyone. If I set up .htaccess the way you suggested, no one but me will be able to read the content of the directory in which my configure script is. And this means that TWiki will not work any longer, right? Thanks again!

-- MatthiasRoeder - 10 Jun 2007

Matthias, take the bin/.htaccess as a template; it has this:

<FilesMatch "configure.*">
   SetHandler cgi-script
   Order Deny,Allow
   Deny from all
   Allow from 127.0.0.1, 192.168.1.10
   Require user {Administrators}
   Satisfy Any
</FilesMatch>

The {Administrators} is a bit misleading. You can specify user names that exist in the .htpasswd, such as:

Require user UserOne UserTwo UserThree

-- PeterThoeny - 10 Jun 2007
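
Added example (not part of the original thread and not TWiki or Apache code): a simplified Python model of how Apache evaluates the FilesMatch block quoted above, showing that only file names matching the pattern are restricted and that `Satisfy Any` accepts either an allowed host or a listed user. The function names and the sample requests are constructed for illustration, and the model assumes the password check against .htpasswd has already happened.

```python
import ipaddress
import re

# Values taken from the FilesMatch block quoted in the thread.
PATTERN = re.compile(r"configure.*")           # FilesMatch regex (unanchored)
ALLOWED_HOSTS = ["127.0.0.1", "192.168.1.10"]  # the two "Allow from" addresses
# The example names from the "Require user" line in the thread.
REQUIRED_USERS = {"UserOne", "UserTwo", "UserThree"}


def host_allowed(client_ip):
    """Order Deny,Allow + 'Deny from all': only listed hosts pass."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip == ipaddress.ip_address(h) for h in ALLOWED_HOSTS)


def decide(filename, client_ip, authenticated_user=None):
    """Predict the outcome of a request under this simplified model.

    authenticated_user is a name whose password was already verified,
    or None when no valid credentials were sent.
    """
    # FilesMatch looks at the file name only, and an unanchored regex
    # matches anywhere in it, so "configure.bak" is covered as well.
    if not PATTERN.search(filename):
        return "not covered"   # this block leaves the script alone
    if host_allowed(client_ip):
        return "allowed"       # Satisfy Any: host check is enough
    if authenticated_user in REQUIRED_USERS:
        return "allowed"       # Satisfy Any: a listed user is enough
    return "401"               # neither passed: login is requested


if __name__ == "__main__":
    # Constructed requests; 203.0.113.7 is a documentation-range address.
    samples = [
        ("view", "203.0.113.7", None),
        ("configure", "127.0.0.1", None),
        ("configure", "203.0.113.7", None),
        ("configure", "203.0.113.7", "UserTwo"),
        ("configure.bak", "203.0.113.7", "SomeoneElse"),
    ]
    for name, ip, user in samples:
        print(f"{name:14} {ip:13} {str(user):12} -> {decide(name, ip, user)}")
```

On a shared host where the administrator has no fixed address, the second path (a listed user with a valid password) is the one that applies; the other scripts in bin stay outside this block either way.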

Topic revision: r4 - 2007-06-10 - PeterThoeny
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.