# Autogenerated httpd.conf file for TWiki. # Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator # IMPORTANT NOTE: Make sure to enable mod_cgid in the primary apache configuration file. # We set an environment variable called blockAccess. # # Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from # including its own topics as URLs and also prevents other TWikis from # doing the same. This is important to prevent the most obvious # Denial of Service attacks. # # You can expand this by adding more BrowserMatchNoCase statements to # block evil browser agents trying the impossible task of mirroring a twiki # # Example: # BrowserMatchNoCase ^SiteSucker blockAccess # BrowserMatchNoCase ^$ blockAccess BrowserMatchNoCase ^Accoona blockAccess BrowserMatchNoCase ^ActiveAgent blockAccess BrowserMatchNoCase ^Attache blockAccess BrowserMatchNoCase BecomeBot blockAccess BrowserMatchNoCase ^bot blockAccess BrowserMatchNoCase Charlotte/ blockAccess BrowserMatchNoCase ^ConveraCrawler blockAccess BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess BrowserMatchNoCase ^EmailCollector blockAccess BrowserMatchNoCase ^EmailSiphon blockAccess BrowserMatchNoCase ^e-SocietyRobot blockAccess BrowserMatchNoCase ^Exabot blockAccess BrowserMatchNoCase ^FAST blockAccess BrowserMatchNoCase ^FDM blockAccess BrowserMatchNoCase ^GetRight/6.0a blockAccess BrowserMatchNoCase ^GetWebPics blockAccess BrowserMatchNoCase ^Gigabot blockAccess BrowserMatchNoCase ^gonzo1 blockAccess BrowserMatchNoCase ^Google\sSpider blockAccess BrowserMatchNoCase ^ichiro blockAccess BrowserMatchNoCase ^ie_crawler blockAccess BrowserMatchNoCase ^iGetter blockAccess BrowserMatchNoCase ^IRLbot blockAccess BrowserMatchNoCase Jakarta blockAccess BrowserMatchNoCase ^Java blockAccess BrowserMatchNoCase ^KrakSpider blockAccess BrowserMatchNoCase ^larbin blockAccess BrowserMatchNoCase ^LeechGet blockAccess BrowserMatchNoCase ^LinkWalker blockAccess BrowserMatchNoCase ^Lsearch blockAccess BrowserMatchNoCase ^Microsoft blockAccess BrowserMatchNoCase ^MJ12bot blockAccess BrowserMatchNoCase MSIECrawler blockAccess BrowserMatchNoCase ^MSRBOT blockAccess BrowserMatchNoCase ^noxtrumbot blockAccess BrowserMatchNoCase ^NutchCVS blockAccess BrowserMatchNoCase ^RealDownload blockAccess BrowserMatchNoCase ^Rome blockAccess BrowserMatchNoCase ^Roverbot blockAccess BrowserMatchNoCase ^schibstedsokbot blockAccess BrowserMatchNoCase ^Seekbot blockAccess BrowserMatchNoCase ^SiteSnagger blockAccess BrowserMatchNoCase ^SiteSucker blockAccess BrowserMatchNoCase ^Snapbot blockAccess BrowserMatchNoCase ^sogou blockAccess BrowserMatchNoCase ^SpiderKU blockAccess BrowserMatchNoCase ^SpiderMan blockAccess BrowserMatchNoCase ^Squid blockAccess BrowserMatchNoCase ^Teleport blockAccess BrowserMatchNoCase ^User-Agent\: blockAccess BrowserMatchNoCase VoilaBot blockAccess BrowserMatchNoCase ^voyager blockAccess BrowserMatchNoCase ^W3C blockAccess BrowserMatchNoCase ^w3search blockAccess BrowserMatchNoCase ^Web\sDownloader blockAccess BrowserMatchNoCase ^WebCopier blockAccess BrowserMatchNoCase ^WebDevil blockAccess BrowserMatchNoCase ^WebSec blockAccess BrowserMatchNoCase ^WebVac blockAccess BrowserMatchNoCase ^Webwhacker blockAccess BrowserMatchNoCase ^Webzip blockAccess BrowserMatchNoCase ^Wells blockAccess BrowserMatchNoCase ^WhoWhere blockAccess BrowserMatchNoCase www\.netforex\.org blockAccess BrowserMatchNoCase ^WX_mail blockAccess BrowserMatchNoCase ^yacybot blockAccess BrowserMatchNoCase ^ZIBB blockAccess BrowserMatchNoCase ^$ blockAccess # Mod_perl preloading PerlSwitches -T # The ScriptAlias defines the bin directory as a directory where CGI # scripts are allowed. # The first parameter will be part of the URL to your installation e.g. # http://example.com/do/view/... # The second parameter must point to the physical path on your disc. ScriptAlias /twiki/do "/home/bien/svn/web/.twiki/bin" # The Alias defines a url that points to the twiki pub directory, which # is the root of file attachments. Alias /twiki/pub "/home/bien/svn/web/.twiki/pub" Alias /twiki "/home/bien/svn/web/.twiki" # Block access to typical spam related attachments # Except the TWiki directory which is read only and does have attached html files. SetEnvIf Request_URI "/twiki/pub/.*\.[hH][tT][mM][lL]?$" blockAccess SetEnvIf Request_URI "/twiki/pub/TWiki/.*\.[hH][tT][mM][lL]?$" !blockAccess # This specifies the options on the TWiki scripts directory. The ExecCGI # and SetHandler tell apache that it contains scripts. "Require all granted" # lets any IP address access this URL. AllowOverride None Require all granted Deny from env=blockAccess Options ExecCGI FollowSymLinks SetHandler cgi-script # Password file for TWiki users #AuthUserFile /home/bien/svn/web/.twiki/data/.htpasswd #AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)' #AuthType Basic # File to return on access control error (e.g. wrong password) ErrorDocument 401 /twiki/do/view/TWiki/ResetPassword Require all granted Deny from env=blockAccess RedirectMatch ^/twiki/([A-Z0-9].*)?$ /twiki/do/view/$1 # File to return on access control error (e.g. wrong password) ErrorDocument 401 /twiki/do/view/TWiki/ResetPassword # This sets the options on the pub directory, which contains attachments and # other files like CSS stylesheets and icons. AllowOverride None stops a # user installing a .htaccess file that overrides these options. # Note that files in pub are *not* protected by TWiki Access Controls, # so if you want to control access to files attached to topics you need to # block access to the specific directories same way as the ApacheConfigGenerator # blocks access to the pub directory of the Trash web #Options None Options FollowSymLinks AllowOverride None Require all granted Deny from env=blockAccess # Disable execusion of PHP scripts php_admin_flag engine off # This line will redefine the mime type for the most common types of scripts AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi #add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate # reducing the load on the server significantly #IF you can, you should enable this - it _will_ improve your twiki experience, even if you set it to under one day. # you may need to enable expires_module in your main apache config #LoadModule expires_module libexec/httpd/mod_expires.so #AddModule mod_expires.c # # # ExpiresActive on # ExpiresDefault "access plus 11 days" # # # Spammers are known to attach their stuff and then move it to trash where it remains unnoticed. # We prevent viewing any attachments directly from pub deny from all