[pmwiki-users] secure farms (getting lost in compromises)

Kathryn Andersen kat_lists at katspace.homelinux.org
Sun Dec 17 01:58:26 CST 2006


On Sun, Dec 17, 2006 at 02:59:07AM +0000, J. Meijer wrote:
> 
> Hi, I suppose this is a subject many have problems with. For those who
> don't want to open up their wiki.d to the public, the question is how
> to install? It seems to me there is no satisfactory solution as
> various users did their thing but got criticised. I remember Patrick
> declaring once he'd publish his setup, but ever since, and especially
> this week he's desparately without time. I'd like some preferred,
> secure and workable solution. Even the default install of a single
> wiki in my opinion is no longer up-to-date. 

I think the difficulty with this is that TMTOWTDI
(There's More Than One Way To Do It)
 
For example, *my* farm setup takes advantage of the Apache "Alias"
command, which I can do because I have access to the Apache
configuration, but not everyone does.

I like my solution because it's simple, doesn't need me to move files
around, and only takes three lines of config in the Apache config file
for each farm.

This is how I have it set up:

All the web stuff is in /var/www/katspace.  The DOCUMENT_ROOT is
actually /var/www/katspace/htdocs; other directories in
/var/www/katspace are not accessible from the webserver.
This includes /var/www/katspace/pmwiki, which contains the master farm;
other farms are in /var/www/katspace/ficwiki and so on.

This solves the security problem of worrying about access to wiki.d or
cookbook or scripts directories.  Using the "Alias" command, I then make
only the required directories accessable to the webserver, as follows:

Alias /stuff/pub /var/www/katspace/pmwiki/pub
Alias /stuff/uploads /var/www/katspace/pmwiki/uploads
Alias /stuff /var/www/katspace/pmwiki/index.php

Thus, going http://www.katspace.org/stuff/ gets you to the main wiki
page.

The /var/www/katspace/pmwiki directory is set up just like a normal
PmWiki setup, straight out of the tarball.

Other farms are similar, though they only contain index.php, local/
pub/ wiki.d/ and uploads/ in them.

Alias /ficstuff/pub /var/www/katspace/ficwiki/pub
Alias /ficstuff/uploads /var/www/katspace/ficwiki/uploads
Alias /ficstuff /var/www/katspace/ficwiki/index.php

(And, yes, I am using CleanUrls)

But this basically boils down to this: there can never be *one*
"preferred solution".

Kathryn Andersen
-- 
 _--_|\     | Kathryn Andersen	<http://www.katspace.com>
/      \    | 
\_.--.*/    | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/>
      v     | 
------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere
Maranatha!  |	-> Earth -> Sol -> Milky Way Galaxy -> Universe




More information about the pmwiki-users mailing list