Difference between revisions of "Configure wiki security"

From Organic Design wiki
m (Apache configuration)
Line 51: Line 51:
 
     AllowOverride None
 
     AllowOverride None
 
     Order Deny,Allow
 
     Order Deny,Allow
     Options -Indexes
+
     Options All -Indexes
 
</Directory></pre>}}
 
</Directory></pre>}}
  

Revision as of 20:21, 3 March 2012

Procedure.svg Configure wiki security
Organic Design procedure

Error reporting

Error details should only be sent to sysops. A plain error message should be presented to all other users. The following can be added to LocalSettings.php to set this up. This snippet refers to an error.php file such as this one.

{{{1}}}

Protecting files

MediaWiki has a script called img_auth.php which is used to allow files to be protected. Requests to the image files are made via the img_auth.php script instead of into the image file structure, and the files are stored outside of web-accessible space. More information about the configuration can be found at MW:Manual:Image Authorization.

The setup is quite simple and just involves setting $wgUploadDirectory to the internal absolute location of the images, and $wgUploadPath to the external location of the img_auth.php script.

Unfortunately this method seems to have a problem with Friendly URL's, I had to patch the img_auth.php script so that the title part of the PATH_INFO would be extracted properly.

^.+/img_auth.php

Apache configuration

The rewrite rules are much simpler when using the above file protection technique because thumbnails and full images are treated the same way and are covered by the rule that handles normal script access within the /wiki directory. Also some additional directory rules should be added to restrict file-browsing.

RewriteEngine On

RewriteCond %{REQUEST_URI} ^/wiki/
RewriteRule (.*) $1 [L]

RewriteRule (.*) /wiki/index.php$1 [L]

<Directory />
    AllowOverride None
    Order Deny,Allow
    Options All -Indexes
</Directory>

See also