Revision 8601
Added by Aaron Marcuse-Kubitza over 11 years ago
| inputs/VegBIEN/TWiki/twiki.conf | ||
|---|---|---|
| 1 |
# Autogenerated httpd.conf file for TWiki. |
|
| 2 |
# Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator |
|
| 3 |
|
|
| 4 |
# IMPORTANT NOTE: Make sure to enable mod_cgid in the primary apache configuration file. |
|
| 5 |
|
|
| 6 |
# We set an environment variable called blockAccess. |
|
| 7 |
# |
|
| 8 |
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from |
|
| 9 |
# including its own topics as URLs and also prevents other TWikis from |
|
| 10 |
# doing the same. This is important to prevent the most obvious |
|
| 11 |
# Denial of Service attacks. |
|
| 12 |
# |
|
| 13 |
# You can expand this by adding more BrowserMatchNoCase statements to |
|
| 14 |
# block evil browser agents trying the impossible task of mirroring a twiki |
|
| 15 |
# |
|
| 16 |
# Example: |
|
| 17 |
# BrowserMatchNoCase ^SiteSucker blockAccess |
|
| 18 |
# BrowserMatchNoCase ^$ blockAccess |
|
| 19 |
|
|
| 20 |
BrowserMatchNoCase ^Accoona blockAccess |
|
| 21 |
BrowserMatchNoCase ^ActiveAgent blockAccess |
|
| 22 |
BrowserMatchNoCase ^Attache blockAccess |
|
| 23 |
BrowserMatchNoCase BecomeBot blockAccess |
|
| 24 |
BrowserMatchNoCase ^bot blockAccess |
|
| 25 |
BrowserMatchNoCase Charlotte/ blockAccess |
|
| 26 |
BrowserMatchNoCase ^ConveraCrawler blockAccess |
|
| 27 |
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess |
|
| 28 |
BrowserMatchNoCase ^EmailCollector blockAccess |
|
| 29 |
BrowserMatchNoCase ^EmailSiphon blockAccess |
|
| 30 |
BrowserMatchNoCase ^e-SocietyRobot blockAccess |
|
| 31 |
BrowserMatchNoCase ^Exabot blockAccess |
|
| 32 |
BrowserMatchNoCase ^FAST blockAccess |
|
| 33 |
BrowserMatchNoCase ^FDM blockAccess |
|
| 34 |
BrowserMatchNoCase ^GetRight/6.0a blockAccess |
|
| 35 |
BrowserMatchNoCase ^GetWebPics blockAccess |
|
| 36 |
BrowserMatchNoCase ^Gigabot blockAccess |
|
| 37 |
BrowserMatchNoCase ^gonzo1 blockAccess |
|
| 38 |
BrowserMatchNoCase ^Google\sSpider blockAccess |
|
| 39 |
BrowserMatchNoCase ^ichiro blockAccess |
|
| 40 |
BrowserMatchNoCase ^ie_crawler blockAccess |
|
| 41 |
BrowserMatchNoCase ^iGetter blockAccess |
|
| 42 |
BrowserMatchNoCase ^IRLbot blockAccess |
|
| 43 |
BrowserMatchNoCase Jakarta blockAccess |
|
| 44 |
BrowserMatchNoCase ^Java blockAccess |
|
| 45 |
BrowserMatchNoCase ^KrakSpider blockAccess |
|
| 46 |
BrowserMatchNoCase ^larbin blockAccess |
|
| 47 |
BrowserMatchNoCase ^LeechGet blockAccess |
|
| 48 |
BrowserMatchNoCase ^LinkWalker blockAccess |
|
| 49 |
BrowserMatchNoCase ^Lsearch blockAccess |
|
| 50 |
BrowserMatchNoCase ^Microsoft blockAccess |
|
| 51 |
BrowserMatchNoCase ^MJ12bot blockAccess |
|
| 52 |
BrowserMatchNoCase MSIECrawler blockAccess |
|
| 53 |
BrowserMatchNoCase ^MSRBOT blockAccess |
|
| 54 |
BrowserMatchNoCase ^noxtrumbot blockAccess |
|
| 55 |
BrowserMatchNoCase ^NutchCVS blockAccess |
|
| 56 |
BrowserMatchNoCase ^RealDownload blockAccess |
|
| 57 |
BrowserMatchNoCase ^Rome blockAccess |
|
| 58 |
BrowserMatchNoCase ^Roverbot blockAccess |
|
| 59 |
BrowserMatchNoCase ^schibstedsokbot blockAccess |
|
| 60 |
BrowserMatchNoCase ^Seekbot blockAccess |
|
| 61 |
BrowserMatchNoCase ^SiteSnagger blockAccess |
|
| 62 |
BrowserMatchNoCase ^SiteSucker blockAccess |
|
| 63 |
BrowserMatchNoCase ^Snapbot blockAccess |
|
| 64 |
BrowserMatchNoCase ^sogou blockAccess |
|
| 65 |
BrowserMatchNoCase ^SpiderKU blockAccess |
|
| 66 |
BrowserMatchNoCase ^SpiderMan blockAccess |
|
| 67 |
BrowserMatchNoCase ^Squid blockAccess |
|
| 68 |
BrowserMatchNoCase ^Teleport blockAccess |
|
| 69 |
BrowserMatchNoCase ^User-Agent\: blockAccess |
|
| 70 |
BrowserMatchNoCase VoilaBot blockAccess |
|
| 71 |
BrowserMatchNoCase ^voyager blockAccess |
|
| 72 |
BrowserMatchNoCase ^W3C blockAccess |
|
| 73 |
BrowserMatchNoCase ^w3search blockAccess |
|
| 74 |
BrowserMatchNoCase ^Web\sDownloader blockAccess |
|
| 75 |
BrowserMatchNoCase ^WebCopier blockAccess |
|
| 76 |
BrowserMatchNoCase ^WebDevil blockAccess |
|
| 77 |
BrowserMatchNoCase ^WebSec blockAccess |
|
| 78 |
BrowserMatchNoCase ^WebVac blockAccess |
|
| 79 |
BrowserMatchNoCase ^Webwhacker blockAccess |
|
| 80 |
BrowserMatchNoCase ^Webzip blockAccess |
|
| 81 |
BrowserMatchNoCase ^Wells blockAccess |
|
| 82 |
BrowserMatchNoCase ^WhoWhere blockAccess |
|
| 83 |
BrowserMatchNoCase www\.netforex\.org blockAccess |
|
| 84 |
BrowserMatchNoCase ^WX_mail blockAccess |
|
| 85 |
BrowserMatchNoCase ^yacybot blockAccess |
|
| 86 |
BrowserMatchNoCase ^ZIBB blockAccess |
|
| 87 |
BrowserMatchNoCase ^$ blockAccess |
|
| 88 |
|
|
| 89 |
<IfModule mod_perl.c> |
|
| 90 |
# Mod_perl preloading |
|
| 91 |
PerlSwitches -T |
|
| 92 |
</IfModule> |
|
| 93 |
|
|
| 94 |
# The ScriptAlias defines the bin directory as a directory where CGI |
|
| 95 |
# scripts are allowed. |
|
| 96 |
# The first parameter will be part of the URL to your installation e.g. |
|
| 97 |
# http://example.com/do/view/... |
|
| 98 |
# The second parameter must point to the physical path on your disc. |
|
| 99 |
ScriptAlias /twiki/do "/home/bien/svn/web/.twiki/bin" |
|
| 100 |
|
|
| 101 |
# The Alias defines a url that points to the twiki pub directory, which |
|
| 102 |
# is the root of file attachments. |
|
| 103 |
Alias /twiki/pub "/home/bien/svn/web/.twiki/pub" |
|
| 104 |
Alias /twiki "/home/bien/svn/web/.twiki" |
|
| 105 |
|
|
| 106 |
# Block access to typical spam related attachments |
|
| 107 |
# Except the TWiki directory which is read only and does have attached html files. |
|
| 108 |
SetEnvIf Request_URI "/twiki/pub/.*\.[hH][tT][mM][lL]?$" blockAccess |
|
| 109 |
SetEnvIf Request_URI "/twiki/pub/TWiki/.*\.[hH][tT][mM][lL]?$" !blockAccess |
|
| 110 |
|
|
| 111 |
# This specifies the options on the TWiki scripts directory. The ExecCGI |
|
| 112 |
# and SetHandler tell apache that it contains scripts. "Require all granted" |
|
| 113 |
# lets any IP address access this URL. |
|
| 114 |
<Directory "/home/bien/svn/web/.twiki/bin"> |
|
| 115 |
AllowOverride None |
|
| 116 |
Require all granted |
|
| 117 |
Deny from env=blockAccess |
|
| 118 |
|
|
| 119 |
Options ExecCGI FollowSymLinks |
|
| 120 |
SetHandler cgi-script |
|
| 121 |
|
|
| 122 |
# Password file for TWiki users |
|
| 123 |
#AuthUserFile /home/bien/svn/web/.twiki/data/.htpasswd |
|
| 124 |
#AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)' |
|
| 125 |
#AuthType Basic |
|
| 126 |
|
|
| 127 |
# File to return on access control error (e.g. wrong password) |
|
| 128 |
ErrorDocument 401 /twiki/do/view/TWiki/ResetPassword |
|
| 129 |
|
|
| 130 |
|
|
| 131 |
|
|
| 132 |
</Directory> |
|
| 133 |
|
|
| 134 |
<Directory "/home/bien/svn/web/.twiki"> |
|
| 135 |
Require all granted |
|
| 136 |
Deny from env=blockAccess |
|
| 137 |
|
|
| 138 |
# File to return on access control error (e.g. wrong password) |
|
| 139 |
ErrorDocument 401 /twiki/do/view/TWiki/ResetPassword |
|
| 140 |
</Directory> |
|
| 141 |
|
|
| 142 |
# This sets the options on the pub directory, which contains attachments and |
|
| 143 |
# other files like CSS stylesheets and icons. AllowOverride None stops a |
|
| 144 |
# user installing a .htaccess file that overrides these options. |
|
| 145 |
# Note that files in pub are *not* protected by TWiki Access Controls, |
|
| 146 |
# so if you want to control access to files attached to topics you need to |
|
| 147 |
# block access to the specific directories same way as the ApacheConfigGenerator |
|
| 148 |
# blocks access to the pub directory of the Trash web |
|
| 149 |
<Directory "/home/bien/svn/web/.twiki/pub"> |
|
| 150 |
#Options None |
|
| 151 |
Options FollowSymLinks |
|
| 152 |
AllowOverride None |
|
| 153 |
Require all granted |
|
| 154 |
Deny from env=blockAccess |
|
| 155 |
|
|
| 156 |
# Disable execusion of PHP scripts |
|
| 157 |
php_admin_flag engine off |
|
| 158 |
|
|
| 159 |
# This line will redefine the mime type for the most common types of scripts |
|
| 160 |
AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi |
|
| 161 |
|
|
| 162 |
#add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate |
|
| 163 |
# reducing the load on the server significantly |
|
| 164 |
#IF you can, you should enable this - it _will_ improve your twiki experience, even if you set it to under one day. |
|
| 165 |
# you may need to enable expires_module in your main apache config |
|
| 166 |
#LoadModule expires_module libexec/httpd/mod_expires.so |
|
| 167 |
#AddModule mod_expires.c |
|
| 168 |
#<ifmodule mod_expires.c> |
|
| 169 |
# <filesmatch "\.(jpg|gif|png|css|js)$"> |
|
| 170 |
# ExpiresActive on |
|
| 171 |
# ExpiresDefault "access plus 11 days" |
|
| 172 |
# </filesmatch> |
|
| 173 |
#</ifmodule> |
|
| 174 |
|
|
| 175 |
</Directory> |
|
| 176 |
|
|
| 177 |
# Spammers are known to attach their stuff and then move it to trash where it remains unnoticed. |
|
| 178 |
# We prevent viewing any attachments directly from pub |
|
| 179 |
<Directory "/home/bien/svn/web/.twiki/pub/Trash"> |
|
| 180 |
deny from all |
|
| 181 |
</Directory> |
|
| 182 |
|
|
| 183 |
|
|
Also available in: Unified diff
added inputs/VegBIEN/TWiki/twiki.conf