Project

General

Profile

1
# Autogenerated httpd.conf file for TWiki.
2
# Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator
3

    
4
# IMPORTANT NOTE: Make sure to enable mod_cgid in the primary apache configuration file.
5

    
6
# We set an environment variable called blockAccess.
7
#
8
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
9
# including its own topics as URLs and also prevents other TWikis from
10
# doing the same. This is important to prevent the most obvious
11
# Denial of Service attacks.
12
#
13
# You can expand this by adding more BrowserMatchNoCase statements to
14
# block evil browser agents trying the impossible task of mirroring a twiki
15
#
16
# Example:
17
# BrowserMatchNoCase ^SiteSucker blockAccess
18
# BrowserMatchNoCase ^$ blockAccess
19

    
20
BrowserMatchNoCase ^Accoona blockAccess
21
BrowserMatchNoCase ^ActiveAgent blockAccess
22
BrowserMatchNoCase ^Attache blockAccess
23
BrowserMatchNoCase BecomeBot blockAccess
24
BrowserMatchNoCase ^bot blockAccess
25
BrowserMatchNoCase Charlotte/ blockAccess
26
BrowserMatchNoCase ^ConveraCrawler blockAccess
27
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
28
BrowserMatchNoCase ^EmailCollector blockAccess
29
BrowserMatchNoCase ^EmailSiphon blockAccess
30
BrowserMatchNoCase ^e-SocietyRobot blockAccess
31
BrowserMatchNoCase ^Exabot blockAccess
32
BrowserMatchNoCase ^FAST blockAccess
33
BrowserMatchNoCase ^FDM blockAccess
34
BrowserMatchNoCase ^GetRight/6.0a blockAccess
35
BrowserMatchNoCase ^GetWebPics blockAccess
36
BrowserMatchNoCase ^Gigabot blockAccess
37
BrowserMatchNoCase ^gonzo1 blockAccess
38
BrowserMatchNoCase ^Google\sSpider blockAccess
39
BrowserMatchNoCase ^ichiro blockAccess
40
BrowserMatchNoCase ^ie_crawler blockAccess
41
BrowserMatchNoCase ^iGetter blockAccess
42
BrowserMatchNoCase ^IRLbot blockAccess
43
BrowserMatchNoCase Jakarta blockAccess
44
BrowserMatchNoCase ^Java blockAccess
45
BrowserMatchNoCase ^KrakSpider blockAccess
46
BrowserMatchNoCase ^larbin blockAccess
47
BrowserMatchNoCase ^LeechGet blockAccess
48
BrowserMatchNoCase ^LinkWalker blockAccess
49
BrowserMatchNoCase ^Lsearch blockAccess
50
BrowserMatchNoCase ^Microsoft blockAccess
51
BrowserMatchNoCase ^MJ12bot blockAccess
52
BrowserMatchNoCase MSIECrawler blockAccess
53
BrowserMatchNoCase ^MSRBOT blockAccess
54
BrowserMatchNoCase ^noxtrumbot blockAccess
55
BrowserMatchNoCase ^NutchCVS blockAccess
56
BrowserMatchNoCase ^RealDownload blockAccess
57
BrowserMatchNoCase ^Rome blockAccess
58
BrowserMatchNoCase ^Roverbot blockAccess
59
BrowserMatchNoCase ^schibstedsokbot blockAccess
60
BrowserMatchNoCase ^Seekbot blockAccess
61
BrowserMatchNoCase ^SiteSnagger blockAccess
62
BrowserMatchNoCase ^SiteSucker blockAccess
63
BrowserMatchNoCase ^Snapbot blockAccess
64
BrowserMatchNoCase ^sogou blockAccess
65
BrowserMatchNoCase ^SpiderKU blockAccess
66
BrowserMatchNoCase ^SpiderMan blockAccess
67
BrowserMatchNoCase ^Squid blockAccess
68
BrowserMatchNoCase ^Teleport blockAccess
69
BrowserMatchNoCase ^User-Agent\: blockAccess
70
BrowserMatchNoCase VoilaBot blockAccess
71
BrowserMatchNoCase ^voyager blockAccess
72
BrowserMatchNoCase ^W3C blockAccess
73
BrowserMatchNoCase ^w3search blockAccess
74
BrowserMatchNoCase ^Web\sDownloader blockAccess
75
BrowserMatchNoCase ^WebCopier blockAccess
76
BrowserMatchNoCase ^WebDevil blockAccess
77
BrowserMatchNoCase ^WebSec blockAccess
78
BrowserMatchNoCase ^WebVac blockAccess
79
BrowserMatchNoCase ^Webwhacker blockAccess
80
BrowserMatchNoCase ^Webzip blockAccess
81
BrowserMatchNoCase ^Wells blockAccess
82
BrowserMatchNoCase ^WhoWhere blockAccess
83
BrowserMatchNoCase www\.netforex\.org blockAccess
84
BrowserMatchNoCase ^WX_mail blockAccess
85
BrowserMatchNoCase ^yacybot blockAccess
86
BrowserMatchNoCase ^ZIBB blockAccess
87
BrowserMatchNoCase ^$ blockAccess
88

    
89
<IfModule mod_perl.c>
90
	# Mod_perl preloading
91
	PerlSwitches -T
92
</IfModule>
93

    
94
# The ScriptAlias defines the bin directory as a directory where CGI
95
# scripts are allowed.
96
# The first parameter will be part of the URL to your installation e.g.
97
# http://example.com/do/view/...
98
# The second parameter must point to the physical path on your disc.
99
ScriptAlias /twiki/do "/home/bien/svn/web/.twiki/bin"
100

    
101
# The Alias defines a url that points to the twiki pub directory, which
102
# is the root of file attachments.
103
Alias /twiki/pub "/home/bien/svn/web/.twiki/pub"
104
Alias /twiki "/home/bien/svn/web/.twiki"
105

    
106
# Block access to typical spam related attachments
107
# Except the TWiki directory which is read only and does have attached html files.
108
SetEnvIf Request_URI "/twiki/pub/.*\.[hH][tT][mM][lL]?$" blockAccess
109
SetEnvIf Request_URI "/twiki/pub/TWiki/.*\.[hH][tT][mM][lL]?$" !blockAccess
110

    
111
# This specifies the options on the TWiki scripts directory. The ExecCGI
112
# and SetHandler tell apache that it contains scripts. "Require all granted"
113
# lets any IP address access this URL.
114
<Directory "/home/bien/svn/web/.twiki/bin">
115
	AllowOverride None
116
	Require all granted
117
	Deny from env=blockAccess
118

    
119
	Options ExecCGI FollowSymLinks
120
	SetHandler cgi-script
121

    
122
	# Password file for TWiki users
123
	#AuthUserFile /home/bien/svn/web/.twiki/data/.htpasswd
124
	#AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)'
125
	#AuthType Basic
126

    
127
	# File to return on access control error (e.g. wrong password)
128
	ErrorDocument 401 /twiki/do/view/TWiki/ResetPassword
129

    
130

    
131

    
132
</Directory>
133

    
134
<Directory "/home/bien/svn/web/.twiki">
135
	Require all granted
136
	Deny from env=blockAccess
137

    
138
	RedirectMatch ^/twiki/([A-Z0-9].*)?$ /twiki/do/view/$1
139

    
140
	# File to return on access control error (e.g. wrong password)
141
	ErrorDocument 401 /twiki/do/view/TWiki/ResetPassword
142
</Directory>
143

    
144
# This sets the options on the pub directory, which contains attachments and
145
# other files like CSS stylesheets and icons. AllowOverride None stops a
146
# user installing a .htaccess file that overrides these options.
147
# Note that files in pub are *not* protected by TWiki Access Controls,
148
# so if you want to control access to files attached to topics you need to
149
# block access to the specific directories same way as the ApacheConfigGenerator
150
# blocks access to the pub directory of the Trash web
151
<Directory "/home/bien/svn/web/.twiki/pub">
152
	#Options None
153
	Options FollowSymLinks
154
	AllowOverride None
155
	Require all granted
156
	Deny from env=blockAccess
157

    
158
	# Disable execusion of PHP scripts
159
	php_admin_flag engine off
160

    
161
	# This line will redefine the mime type for the most common types of scripts
162
	AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
163

    
164
#add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate
165
# reducing the load on the server significantly
166
#IF you can, you should enable this - it _will_ improve your twiki experience, even if you set it to under one day.
167
# you may need to enable expires_module in your main apache config
168
#LoadModule expires_module libexec/httpd/mod_expires.so
169
#AddModule mod_expires.c
170
#<ifmodule mod_expires.c>
171
#  <filesmatch "\.(jpg|gif|png|css|js)$">
172
#		ExpiresActive on
173
#		ExpiresDefault "access plus 11 days"
174
#	</filesmatch>
175
#</ifmodule>
176

    
177
</Directory>
178

    
179
# Spammers are known to attach their stuff and then move it to trash where it remains unnoticed.
180
# We prevent viewing any attachments directly from pub
181
<Directory "/home/bien/svn/web/.twiki/pub/Trash">
182
   deny from all
183
</Directory>
184

    
185

    
    (1-1/1)