This question about Configuration: Answered

Protecting my Configure file

This is so confusing to me. I have been using for years and still have not been able to do this. I am running my foswiki on Dreamhost. I don't believe I have root access to Apache, but am not sure. We have multiple users on foswiki all required to login with password. I have a .htpasswd file in the data folder. I have .htacces in the root folder.

I have looked at the documentation for protecting the configuration file many times and it seems that what it tells me to look for, I cannot find. I have created a user that does not access the wiki to use only for accessing the config file. The documentation says to look for examples in the .htaccess file. No examples. I used the ApacheConfigureGenerator, but none of the files I am instructed to look for exist in my installation. Following are the instructions from the ApacheConfigureGenerator

The text field below now contains a complete foswiki.conf file to be included from httpd.conf. In many distributions the foswiki.conf file is automatically included by placing it in the directory that contains the other included Apache config files. Typically in /etc/httpd/conf.d or /etc/apache2/conf.d

You can also place it anywhere else add the following line to the end of your main httpd.conf file: include "/path/to/foswiki.conf"

By pressing the button below you select all the text in the textarea. Then you just need to copy the text to the clipboard and paste it into the foswiki.conf file.

I have no etc directory, no httpd directory, no apache2 directory. I dont hav a main httpd.conf file either. If someone could please help me, I would greatly appreciate it.

Thanks. Xochi
According to http://wiki.dreamhost.com/Apache_HTTP_Server "DreamHost customers have only limited access to Apache settings. Certain options can be changed through the Remap Sub-directories panel and .htaccess files." So your configuration is probably contained in your .htaccess file(s).

Presumably you want to prevent users other than one selected secret_user from accessing the configuration. You should be able to do this in .htaccess by simply pasting in the relevant section from the ApacheConfigGenerator. Assuming TemplateLoginManager, This is how I'd do it:
    AuthUserFile "/var/www/foswiki/data/.htpasswd"
    AuthName 'Enter your secret identity'
    AuthType Basic

    <FilesMatch "^(configure)$">
        SetHandler cgi-script
        Require user secret_user
        Satisfy All
        ErrorDocument 401 default
    </FilesMatch>

-- CrawfordCurrie - 09 Feb 2014

 

QuestionForm edit

Subject Configuration
Extension
Version Foswiki 1.1.8
Status Answered
Related Topics
Topic revision: r3 - 10 Jan 2015, LynnwoodBrown - This page was cached on 30 Mar 2017 - 13:14.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License