We relaunched the TWiki.org project with an expanded TWiki charter, and we invite you to participate! The TWiki.org Code of Conduct agreement took effect on 27 Oct 2008. We ask existing twiki.org users to opt-in. You need to opt-in to participate in the Blog, Codev, Plugins and TWiki webs. -- PeterThoeny - 27 Oct 2008
You are here: TWiki> Support Web>ALLOWWEBVIEWcannotSearch (13 Sep 2003, PeterThoeny)
Tags:
create new tag
, view all tags

Question

To restrict web access i have set ALLOWWEBVIEW. However when i set this and put the view script in my .htaccess file. I cannot search the web. I am using SmartSessionPlugin so that my WikiName is remembered.

.htaccess: 

# bin/.htaccess.txt
#
# Controls access to TWiki scripts - rename this to '.htaccess' to make
# Apache use it.

# Use CGI & Perl to handle all files in 'bin' directory, i.e. run as scripts
# - this should remove the need to rename files to end in '.pl' etc,
# if your web hosting provider permits this.  Remove if using mod_perl.
SetHandler cgi-script

# Password file for TWiki users
#
# The path here must be a system file pathname, not a URL - first part should 
# match the $dataDir setting in TWiki.cfg
AuthUserFile /var/www/html/twiki/data/.htpasswd
AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
AuthType Basic

# File to return on access control error (e.g. wrong password)
# The path here must be a URL path, not a file pathname - first part should 
# match the $scriptUrlPath in TWiki.cfg
ErrorDocument 401 /twiki/bin/oops/TWiki/TWikiRegistration?template=oopsauth

<Files ~ "[^/]*\.html$">
       SetHandler blabla
       allow from all
</Files>

<Files "viewauth">
       require valid-user
</Files>

<Files "edit">
       require valid-user
</Files>

<Files "preview">
       require valid-user
</Files>

<Files "save">
       require valid-user
</Files>

<Files "attach">
       require valid-user
</Files>

<Files "upload">
       require valid-user
</Files>

<Files "rename">
       require valid-user
</Files>

<Files "manage">
       require valid-user
</Files>

<Files "installpasswd">
       require valid-user
</Files>

<Files "logon">
   require valid-user
</Files>

<Files "view">
   require valid-user
</Files>

<Files "*">
       allow from all
</Files>

Note i also tried making a symlink to view called viewauth and putting viewauth in the .htaccess file.

Environment

TWiki version: 1 FEB 2003
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin, SmartSessionPlugin?
Server OS: RedHat? 9; kernel 2.4.0
Web server: Apache 2.0.40
Perl version: 5.8.0
Client OS: Windows2k SP3
Web Browser: Mozilla 1.2; IE6

-- ChipUpsal - 12 Sep 2003

Answer

Since you require login for view, you could require authentication for the search script, or simply for the whole twiki/bin directory.

-- PeterThoeny - 13 Sep 2003

WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 13 Sep 2003 - 20:13:44 - PeterThoeny
 
TWIKI.NET
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback