New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
Next step: Configure Foswiki
Previous step: Configure the locations of the Perl executable and the Foswiki modules
Up: Overview

Installing Foswiki: Configure the web server

Use the preinstalled apache2 package. This has the config under /etc/apache2 and the log files, html root etc. under /var/apache2.

Go to Foswiki:Support.ApacheConfigGenerator and save the generated results into a file called foswiki.conf. Copy the file to the apache2 config directory and setup Apache:
cp foswiki.conf /etc/apache2/
cd /etc/apache2; cp httpd.conf-example httpd.conf

Edit the Apache conf/httpd.conf file to contain the following directive:
Include /etc/apache2/foswiki.conf

Start apache2 from svc:
svcadm enable apache2

Protect your installation

For additional details and latest information on keeping your Foswiki site and data safe, see Foswiki:Support.SecuringYourSite.

Protect the configure script

For more information, refer to Foswiki:Support.ProtectingYourConfiguration.

You should never leave the configure script open to the public. Limit access to the bin/configure script to either localhost, an IP address or a specific user.

Note: In addition to any web server security protection that you have set up, when saving any configuration settings for the first time on the configure web page, you will be prompted to set a configuration password. This password must be entered on all subsequent configuration changes, and is also used to log in via the internal admin link (see the step "Define the administrator users"). Even after a configure password has been set, access to the configure page should still be restricted by the web server, in order to avoid revealing internal information to potential attackers.

Disable software from running in the pub directory

Turn off any kind of PHP, Perl, Python, Server Side Includes, or other software execution mechanisms supported by your web server in the pub directory. This prevents users from uploading malicious code as attachments. Different script execution mechanisms are disabled in different ways; see your web server configuration and documentation for more details.

Next step: Configure Foswiki
Previous step: Configure the locations of the Perl executable and the Foswiki modules
Up: Overview

  • Set IGVariant = Solaris10
Topic revision: r1 - 25 Jan 2010, IsaacLin - This page was cached on 23 Mar 2018 - 03:42.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License