[pmwiki-users] farm security
Neil Herber
nospam at eton.ca
Wed Mar 16 12:54:50 CST 2005
At 2005-03-16 06:28 PM +0000, Hans is rumored to have said:
>I set up a pmwiki farm in a farm directory.
>Everything works fine, but I can access various folders
>directly through the browser, like the farm/script/ directory and the
>farm/ directory and the farm/cookbook/ directory.
>And I can run pmwiki from the icon in the filelist.
>Surely this is not right and I wonder where I went astray in
>all the file reshuffle to get this farm working.
>What is missing?
>
>Thanks in advance!
Hans
I think you need to turn off Apache directory indexing in the farm
directory. On my setup, indexing is off by default and I have to turn it on
where desired. Seems like the safest way to me.
I also explicitly put pmwiki.php off limits in the farm directory, like so:
### --- prevent execution of PmWiki in farm from anywhere -----
<Directory "filepathto/farm/pmwiki">
<Files pmwiki.php>
Order allow,deny
Deny from all
</Files>
</Directory>
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list