Question

I'm running TWiki 4.0.5. The twiki is perfectly accesible within our office, and from home it can be viewed. However, when an edit is attempted from home, we get this error: Access check on Main failed. Action "redirect": unsafe redirect to http://IPADDRESS/cgi-bin/twiki/view/Main/WebHome: http://IPADDRESS does not match DefaultUrlHost?.

The DefaultUrlHost is set to NAME1, this is the name of the server, it's used within the building by everyone. From the outside, we use the IP address (we do it this way for a variety of programs without any problems) - there's only on person who actually accesses this way, and he only does it once or twice a month. I tried to add the {PermittedRedirectHostUrls} to the twiki configuration but so far that hasn't worked. Is that only available in higher versions of twiki? Can someone give me an example so that I can be sure I phrased it correctly?

Thanks

Environment

-- CorrinneFahl - 12 Aug 2008

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

I think you have two ways to go. In configure set DefaultUrlHost to the IP and use the IP address always, in the office and at home.

The better way is to resolve the NAME1 from home. The dial-up connection in the remote workstation should be configure to use the DNS servers in the building. The details of this have to be coordinated with your network administrator.

Another way to resolve the name is to add a new line in the /etc/hosts (linux) file with IPADDRESS NAME1. In Windows workstations this can be done in c:\windows\system32\drivers\etc\hosts.

-- EnriqueCadalso - 12 Aug 2008

> Can someone give me an example so that I can be sure I phrased it correctly?

They are simply comma separated values (with no spaces):

{PermittedRedirectHostUrls}: If your host has aliases (such as both www.twiki.org and twiki.org, and some IP addresses) you need to list them to tell TWiki that redirecting to them is OK. TWiki uses redirection as part of its normal mode of operation when it changes between editing and viewing. The security setting {AllowRedirectUrl} is per default disabled making redirecting to other domains restricted to prevent TWiki from being used in phishing attacks to protect it from middleman exploits. You can add additional URLs to this setting to enable redirects to additional trusted sites. Enter as comma separated list of URLs or hostnames. The URL must be in the format http://your.domain.com.

I don't know the version that was added.

-- SeanCMorgan - 12 Aug 2008

I've tried again to use PermittedRedirectHostUrls (with the IP address set the default host) and it's still not working. The error message only lists DefaultUrlHost, it doesn't mention PermittedRedirectHostUrls... I'm wondering if that's an indication that the variable doesn't work with my version.

To Enrique - I'm not sure what you mean about the dial up connection to the remote workstation - the twiki is being served up via apache at the ip address. It's password protected and only available to 2 administrators, but it's not a dial up in a way that I understand dial up to mean.

-- CorrinneFahl - 12 Aug 2008

I don’t know how you connect to your office from the outside of from home. I guessed it was made establishing a direct connection to your company using a modem with a dial-up connection. If you connect through internet there are other technical aspect to be managed.

When you write http://NAME1 in your browser this NAME1 have to be resolved to an IP address. This is done automatically by your SO using the configured DNS servers in your workstation. Usually this configuration inside a company is also automatically made but when you are not in your company the workstation have to know what NAME1 means, no matter how do you actually connect.

As far as we can not know how this is configured in your company editing the host file is the shortest solution. There write a line like this (assuming 192.168.0.1 is the IP address and NAME1 the name of your twiki server)

192.168.0.1 NAME1

-- EnriqueCadalso - 12 Aug 2008

Enrique, Thank you. I've actually already got it working for just us having edited the host files this morning out of frustration. I think what I really want is probably to get permitted redirect to work, now I just need to figure out how to do that. Thank you for your help.

-- CorrinneFahl - 12 Aug 2008