SID-02085: Trying to modify the "Access denied" message

Status:	Answered	TWiki version:	6.0.1	Perl version:	Perl 5.14.2
Category:	CategorySecurity	Server OS:	Ubuntu 14.04	Last update:	10 years ago

I am making a wiki trying to use another web (I will call it Pedia from now on) which is not Main, as the main page, because I want to use the Pedia page as a board where every department can write public news. To do that, I need the "Change" permission or else it won't let me add any new topic. But the problem is if I use Main they will have access to the Groups and all kinds of unnecessary stuff for the normal user. So I'm restricting the use of Main, but the "Access denied" message redirects to that page.

How can I modify the "OK" link so it redirects to the web I need?

Thanks in advance

-- Dani Gil - 2015-07-08

Discussion and Answer

Customize twiki/templates/oopsaccessdenied.tmpl and make a note to reapply this change on next TWiki upgrade.

Also, I recommend to define a WIKILOGOURL setting in your Main.TWikiPreferences so that the default home link points to your primary Pedia web.

-- Peter Thoeny - 2015-07-08

I'm trying to change the variable WIKILOGOURL in TWikiPreferences but seems like it's not recognizing the parameter. I wrote the sentence here:

Site Specific Site-wide Preferences

• Set WIKILOGOURL = http://localhost:8081/bin/view/Pedia/WebHome

Then I tried to change the WIKIHOMEURL variable, just in case, but it didn't work either.

• Set WIKIHOMEURL = http://localhost:8081/bin/view/Pedia/WebHome

Any idea of what am I doing wrong?

PS: Already modified the oopsaccessdenied.tmpl file, thanks a lot Peter.

-- Dani Gil - 2015-07-09

The WIKILOGOURL takes effect in the logo in the upper right, and for the Home pulldown link. If you want to use this for the [OK] button link in your error message use it as %WIKILOGOURL%

-- Peter Thoeny - 2015-07-09

Oh I see. It did work already. Though I have another problem with making the Pedia site the main page, when I type http://localhost:8081 it shows me the page of TWiki that shows the options to read the readme, license, etc.

How can I make it redirect to the Pedia page? I have tried some ways described by some users in the support but none worked for me.

-- Dani Gil - 2015-07-10

That's something that needs to be configured in your web server, probably Apache since you are on Ubuntu.

I am using a very similar setup, not using "Main" as the portal to my TWiki. One single line in the apache configuration file (the file you might have created using ApacheConfigGenerator or written by yourself) does the trick for me:

• RedirectMatch ^/*$ http://localhost:8081/bin/view/Pedia/WebHome

Note that if you use "localhost", TWiki will only work if the browser is on the same system as the server. If you want others to share your Pedia with others, you'll need to enter the server's true DNS name here, as well as for the WIKIHOMEURL.

-- Harald Jörg - 2015-07-10

You mean the .htaccess file? I have it in data/ and I don't know why. Do you think I should move it to bin/ and that is the reason it is not working?

By the way I am just using localhost for now since I am still testing how it works, and modifying some features to adapt the wiki to the needs of my company.

-- Dani Gil - 2015-07-10

I'd guess moving it to bin/ wouldn't help, but it should be easier for you to try it out than for me to look it up

Anyway, a .htaccess file is definitely out of place in data/. The content of this file is for the web server, and Apache has no business with the data directory. You should really use Apache's usual configuration files, and you might need to get familiar, or to get help with Apache's configuration mechanism on Ubuntu. Configuring TWiki with .htaccess should only be used as a last resort if you are using an external web hoster who doesn't permit access to the configuration file, but since we're talking about localhost here, I doubt that this is the case.

Did you use ApacheConfigGenerator? If yes: Where did you put the file you got? Add the line to that file. If not: How does your web server find your TWiki installation? You might want to inspect the directory /etc/apache/sites-enabled to find where your configuration file sits.

A good place to add the line would be close to the Alias and ScriptAlias directives in the configuration file. These two tell Apache how to map pub and bin urls to their paths, and RedirectMatch adds a special treatment for the "empty" URL.

-- Harald Jörg - 2015-07-11

I have both files, .htaccess and twiki.conf (I think you meant that with the apache configuration file) but I don't know if there is any change necessary in order to delete .htaccess.

So far I have tried moving it to bin/ but an internal server error pops out if I do so. I have written the line below ScriptAlias in twiki.conf, but it does not seem to be doing anything.

I did use the Twiki ApacheConfigGenerator. The file twiki.conf is in the main directory, while .htaccess, .htpasswd and .htusers are in data/

I am a newbie in this topic so right now I am quite lost, sorry for the inconveniences.

-- Dani Gil - 2015-07-14

Don't use apache config files and .htaccess at the same time to configure a directory for HTML or script use, use one or the other. You have root access, so only use the twiki.conf file.

For security, only expose twiki/pub as an HTML doc root directory, and twiki/bin as a script directory. That is, the twiki root twiki and other directories below it except the two mentioned ones must not be exposed to the outside. The ApacheConfigGenerator does the right thing.

-- Peter Thoeny - 2015-07-14

I have deleted .htaccess.

This is my twiki.conf file, with the line already added:

---

# Autogenerated httpd.conf file for TWiki.
# Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator
BrowserMatchNoCase ^$ blockAccess
<IfModule mod_perl.c>
    # Mod_perl preloading
    PerlSwitches -T
</IfModule>
ScriptAlias /twiki/bin "/var/www/bin"

Alias /twiki/pub "/var/www/pub"
RedirectMatch ^/*$ http://localhost:8081/bin/view/Telepedia/WebHome
<Directory "/var/www/bin">
    Require all granted
    AllowOverride None
    Deny from env=blockAccess
    Options ExecCGI FollowSymLinks
    SetHandler cgi-script
    # Password file for TWiki users
    AuthType Basic
    AuthUserFile /var/www/data/.htpasswd
    AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)'
    Require valid-user
    # File to return on access control error (e.g. wrong password)
    ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration
</Directory>

<Directory "/var/www/pub">
    Options None
    Require all granted
    AllowOverride None
    Deny from env=blockAccess
    php_admin_flag engine off
    AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
</Directory>

<Directory "/var/www/twiki/data">
    deny from all
</Directory>

<Directory "/var/www/twiki/templates">
    deny from all
</Directory>

<Directory "/var/www/twiki/lib">
    deny from all
</Directory>

<Directory "/var/www/twiki/locale">
    deny from all
</Directory>

<Directory "/var/www/twiki/tools">
    deny from all
</Directory>

---

Do you know what is wrong? I've been staring at the file, but as I don't have much idea about this, I can't identify the problem.

-- Dani Gil - 2015-07-15

I do not understand what the remaining issue is, to many different topics here.

-- Peter Thoeny - 2015-07-15

I think it's rather obvious:

ScriptAlias /twiki/bin "/var/www/bin"
Alias /twiki/pub "/var/www/pub"
RedirectMatch ^/*$ http://localhost:8081/bin/view/Telepedia/WebHome 

If your ScriptAlias and Alias directives have a /twiki, you need this in RedirectMatch as well:

RedirectMatch ^/*$ http://localhost:8081/twiki/bin/view/Telepedia/WebHome 

Another hint, just in case: Usually it is better to attach config files (and other plaintext, non-TWiki stuff) than to paste them into the comment field. They are rather difficult to read after TWiki tries to format them.

-- Harald Jörg - 2015-07-15

Ok it's working now. Thank you both for the help!

-- Dani Gil - 2015-07-17

      Change status to: Asked question Answered question Closed unanswered