That sure does Jeff. Have a happy New Year. -al
________________________________ From: Jeffrey T. Darlington <[email protected]> To: Al Johnson <[email protected]>; MediaWiki announcements and site admin list <[email protected]> Sent: Tuesday, December 25, 2012 8:05 PM Subject: Re: [MediaWiki-l] Can I turn-off wiki exports? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/25/2012 9:04 PM, Al Johnson wrote: > Thanks. I need the API for backend processes, but I figure I could block > public access to it's URL from Apache, although that's just a guess as I'm a > novice. There are a number of ways to restrict access. Personally, I use Apache's mod_rewrite, mostly because I have a lot of other rules already in place. There are probably more efficient, lighter-weight methods you could use. To restrict access to the API to a hard-coded list of IPs, you could do something like the following. Assuming you which to provide API access to your local LAN with a Class C subnet of 192.168.1.x and you have automated jobs on the same box using the loopback address, the following will allow those IPs but block everyone else: RewriteCond %{REMOTE_ADDR} !^192\.168\.1\. # If not Local LAN IPs RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$ # If not loopback RewriteRule ^/wikix?/api\.php - [F,L] # Forbid everyone else The following politely redirects all requests for Special:Export back to the wiki's root (main page), rather than sending a forbidden error. Note that (a) in this example, I'm using the "Short URL" setup where /wiki is the short path and /wikix is the raw path; (b) the first rule performs the redirect for the short URL; and (c) the second and third lines perform the raw URL redirect, which requires poking around on the query string. RewriteRule ^/wiki/Special:Export /wiki/ [R=permanent,L] RewriteCond %{QUERY_STRING} Special:Export RewriteRule ^/wikix/.* /wiki/ [R=permanent,L] These can be prefaced with RewriteCond lines that can perform IP or other forms of filtering as well. Of course, as previously stated, as long as the wiki is publicly accessible you can't stop scraping of the final rendered HTML. These just block API access and the built-in export mechanism. Hope that helps... - -- Jeffrey T. Darlington General Protection Fault http://www.gpf-comics.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlDaaZIACgkQVNMIBILmfwEtgQCgpLAQJ3u/pnDfyWE8V0vaUFJl vlIAn3FoIm7oVuo94tk1gaCfLuoNPZW9 =VRL2 -----END PGP SIGNATURE----- _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
