On 01/09/2021 23:56, Curtis Stalesky wrote:
I searched through the archived user questions and answers and found
that
to secure directories requires an htaccess file which I think is
generated
by an apache http server software but not sure though.
A .htaccess file is not generated by the server, it is added by you (or
by PmWiki).
So is this the only
way to secure wiki directories on a server that the PmWiki is on or
does
PmWiki have the capability to secure or lock down specific directories
within the PmWiki directory listing/tree?
The "directory listing", if you mean the server's directory listings,
can be disabled again with a directive with a .htaccess file which looks
like this:
Options -Indexes
This, however, only disables the directory listings, not the access of
files to which someone has the URL.
E.G. create an html/help
directory that contains some files that's referenced on a wiki page and
then be able to secure that directory with a PmWiki login or admin
permissions?
If you mean pages managed by PmWiki, like the links I posted below, then
yes, PmWiki can restrict these pages or groups with a password.
In PmWiki, you can protect wiki pages and wiki groups (sections of the
website) from within PmWiki, or with a local configuration, see:
https://www.pmwiki.org/wiki/PmWiki/Passwords
https://www.pmwiki.org/wiki/PmWiki/PasswordsAdmin
You usually don't need to worry about .htaccess for the page text
content, unless you have an unusual installation or a server other than
Apache.
If you enable uploads (file attachments), by default they are not
restricted to signed in users, anyone with a link may be able to
download them. There is a way to restrict this by setting
$EnableDirectDownload to 0 in config.php, and either locking the uploads
directory with .htaccess, or moving it outside of the web-accessible
document root. See:
https://www.pmwiki.org/wiki/PmWiki/UploadsAdmin#direct_download
https://www.pmwiki.org/wiki/Cookbook/SecureAttachments
PmWiki can create .htaccess files to protect directories with sensible
data (wiki.d). If your server is Apache, and you want to lock the
uploads directory, you can copy the file wiki.d/.htaccess into the
uploads directory.
If you have some content on the server unrelated to PmWiki, e.g. some
static html pages, then no, PmWiki cannot restrict the access to it.
There is a way to do this with Apache configuration and a .htpasswd
file. In such a case, PmWiki can be configured to also use the .htpasswd
file for authenticated users. This is a more advanced/complex situation,
and somewhat difficult to maintain, but see:
https://www.pmwiki.org/wiki/PmWiki/AuthUser#toc-5.1
Petko
_______________________________________________
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
