Tags:
create new tag
view all tags

Question

I would like to change globaly in TWiki the Server URL for request of edit and attach (or all authenticated request to increase security) to an SSL-Server URL. Which variables do I have to set and change?

(It is not enough to change the templates as New topics in the page remain the old insecure url.)

Environment

TWiki version: TWikiRelease02Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: debian woody
Web server: apache
Perl version:  
Client OS: linux
Web Browser: mozilla
Categories: Security

-- JensRoeder - 14 Jun 2005

Answer

There are probably serveral ways to do that. Here is one:

Install TWiki twice, lets name them Secure and Public:

  • Secure TWiki:
    • Runs under SSL
    • Used to change (and view) content
  • Public TWiki:
    • Runs under regular HTTP
    • Used to view content only
    • Has a modified skin where the Edit and Attach links are removed
    • TWiki.cfg is configured to share the data and pub directory with the Secure TWiki

-- PeterThoeny - 03 Jul 2005

A different approach (at least if you are using Apache as web server): Let Apache do the work instead of TWiki.

  • Configure your web server(s) so that the SSL server uses a different .htaccess file than the insecure server. (This works both with two stand alone servers and with virtual servers)
  • In the .htaccess file for the insecure server, redirect all requests to edit etc to the secure server

-- JChristophFuchs - 02 Aug 2005

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2005-08-02 - JChristophFuchs
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.