[pmwiki-users] Securing Directories in PmWiki
5ko at 5ko.fr
Thu Sep 2 07:49:15 PDT 2021
On 01/09/2021 23:56, Curtis Stalesky wrote:
> I searched through the archived user questions and answers and found
> to secure directories requires an htaccess file which I think is
> by an apache http server software but not sure though.
A .htaccess file is not generated by the server, it is added by you (or
> So is this the only
> way to secure wiki directories on a server that the PmWiki is on or
> PmWiki have the capability to secure or lock down specific directories
> within the PmWiki directory listing/tree?
The "directory listing", if you mean the server's directory listings,
can be disabled again with a directive with a .htaccess file which looks
This, however, only disables the directory listings, not the access of
files to which someone has the URL.
> E.G. create an html/help
> directory that contains some files that's referenced on a wiki page and
> then be able to secure that directory with a PmWiki login or admin
If you mean pages managed by PmWiki, like the links I posted below, then
yes, PmWiki can restrict these pages or groups with a password.
In PmWiki, you can protect wiki pages and wiki groups (sections of the
website) from within PmWiki, or with a local configuration, see:
You usually don't need to worry about .htaccess for the page text
content, unless you have an unusual installation or a server other than
If you enable uploads (file attachments), by default they are not
restricted to signed in users, anyone with a link may be able to
download them. There is a way to restrict this by setting
$EnableDirectDownload to 0 in config.php, and either locking the uploads
directory with .htaccess, or moving it outside of the web-accessible
document root. See:
PmWiki can create .htaccess files to protect directories with sensible
data (wiki.d). If your server is Apache, and you want to lock the
uploads directory, you can copy the file wiki.d/.htaccess into the
If you have some content on the server unrelated to PmWiki, e.g. some
static html pages, then no, PmWiki cannot restrict the access to it.
There is a way to do this with Apache configuration and a .htpasswd
file. In such a case, PmWiki can be configured to also use the .htpasswd
file for authenticated users. This is a more advanced/complex situation,
and somewhat difficult to maintain, but see:
More information about the pmwiki-users