[pmwiki-users] Wiki farm security
Patrick R. Michaud
pmichaud at pobox.com
Wed Apr 20 07:37:49 CDT 2005
On Wed, Apr 20, 2005 at 10:13:50AM +0100, Hans wrote:
> I would like to know how to make a farm installation secure.
> I like to have no public access to pmwiki.php in the farm directory.
> The fields are in their separate directories. A normal pmwiki
> installation leaves pmwiki.php accessible, you can run it through its
> url in the browser address bar. But this makes no sense for a farm
> installation, when you don't want a farm having its own wiki.d, but
> only the fields having their wiki.d directories.
>
> When I put a htaccess file in the farm directory to deny access,
> the gui buttons don't work any more, and I guess othe raccess to the
> $FarmD/pub/ directory is not possible.
>
> So how can I prevent anyone from running pmwiki.php, but still allow
> browser access to the $Farm/pub/ directory?
The way I like to do it is to put the farm installation completely
outside the web tree, create a symlink or webserver alias so that
/farmpub points to the farm's pub/ directory, and then set
$FarmPubDirUrl = '/farmpub';
in the farmconfig.php.
If that doesn't work for you, let me know and we'll figure something
else out. The only thing that fields need to have visible to the
browser is the farm's pub/ directory.
Pm
More information about the pmwiki-users
mailing list