# Autogenerated httpd.conf file for TWiki.
# Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator

# We set an environment variable called blockAccess.
#
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
#
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a twiki
#
# Example:
# BrowserMatchNoCase ^SiteSucker blockAccess
# BrowserMatchNoCase ^$ blockAccess

BrowserMatchNoCase ^$ blockAccess

<IfModule mod_perl.c>
    # Mod_perl preloading
    PerlSwitches -T
</IfModule>

# The ScriptAlias defines the bin directory as a directory where CGI
# scripts are allowed.
# The first parameter will be part of the URL to your installation e.g.
# http://example.com/do/view/...
# The second parameter must point to the physical path on your disc.
ScriptAlias /bin "/var/www/html/twiki/bin"

# The Alias defines a url that points to the twiki pub directory, which
# is the root of file attachments.
# Secure file attachments by using ScriptAlias with viewfile script.
Alias       /pub/TWiki   "/var/www/html/twiki/pub/TWiki"
Alias       /pub/Sandbox "/var/www/html/twiki/pub/Sandbox"
ScriptAlias /pub         "/var/www/html/twiki/bin/viewfile"

# Block access to typical spam related attachments
# Except the TWiki directory which is read only and does have attached html files.
SetEnvIf Request_URI "/pub/.*\.[hH][tT][mM][lL]?$" blockAccess
SetEnvIf Request_URI "/pub/TWiki/.*\.[hH][tT][mM][lL]?$" !blockAccess

# This specifies the options on the TWiki scripts directory. The ExecCGI
# and SetHandler tell apache that it contains scripts. "Allow from all"
# lets any IP address access this URL.
<Directory "/var/www/html/twiki/bin">
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess

    Options ExecCGI FollowSymLinks
    SetHandler cgi-script

    # Password file for TWiki users
    AuthUserFile /var/www/html/twiki/data/.htpasswd
    AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. SachinWable)'
    AuthType Basic

</Directory>

# This sets the options on the pub directory, which contains attachments and
# other files like CSS stylesheets and icons. AllowOverride None stops a
# user installing a .htaccess file that overrides these options.
# Note that files in pub are *not* protected by TWiki Access Controls,
# so if you want to control access to files attached to topics you need to
# block access to the specific directories same way as the ApacheConfigGenerator
# blocks access to the pub directory of the Trash web
<Directory "/var/www/html/twiki/pub">
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess

    # Disable execusion of PHP scripts
    php_admin_flag engine off

    # This line will redefine the mime type for the most common types of scripts
    AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi

#add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate
# reducing the load on the server significantly
#IF you can, you should enable this - it _will_ improve your twiki experience, even if you set it to under one day.
# you may need to enable expires_module in your main apache config
#LoadModule expires_module libexec/httpd/mod_expires.so
#AddModule mod_expires.c
#<ifmodule mod_expires.c>
#  <filesmatch "\.(jpg|gif|png|css|js)$">
#       ExpiresActive on
#       ExpiresDefault "access plus 11 days"
#   </filesmatch>
#</ifmodule>

</Directory>

# Spammers are known to attach their stuff and then move it to trash where it remains unnoticed.
# We prevent viewing any attachments directly from pub
<Directory "/var/www/html/twiki/pub/Trash">
   deny from all
</Directory>