# Autogenerated httpd.conf file for TWiki.
# Generated at http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator

# Block access to typical spam related attachments
# Except the TWiki directory which is read only and does have attached html files.
SetEnvIf Request_URI "twiki/pub/.*\.[hH][tT][mM]?$" blockAccess
SetEnvIf Request_URI "twiki/pub/TWiki/.*\.[hH][tT][mM]?$" !blockAccess

#Block access from badly behaving robots and site sucking type programs.
BrowserMatchNoCase ^SiteSucker blockAccess
BrowserMatchNoCase ^iGetter blockAccess
BrowserMatchNoCase ^larbin blockAccess
BrowserMatchNoCase ^LeechGet blockAccess
BrowserMatchNoCase ^RealDownload blockAccess
BrowserMatchNoCase ^Teleport blockAccess
BrowserMatchNoCase ^Webwhacker blockAccess
BrowserMatchNoCase ^WebDevil blockAccess
BrowserMatchNoCase ^Webzip blockAccess
BrowserMatchNoCase ^Attache blockAccess
BrowserMatchNoCase ^SiteSnagger blockAccess
BrowserMatchNoCase ^WX_mail blockAccess
BrowserMatchNoCase ^EmailCollector blockAccess
BrowserMatchNoCase ^WhoWhere blockAccess
BrowserMatchNoCase ^Roverbot blockAccess
BrowserMatchNoCase ^ActiveAgent blockAccess
BrowserMatchNoCase ^EmailSiphon blockAccess
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
BrowserMatchNoCase ^$ blockAccess

# Mod_perl preloading
#Perlrequire /site/users/ssl.sakura.nani.no/www/data/twiki/tools/mod_perl_startup.pl
#PerlSwitches -T

# The ScriptAlias defines the bin directory as a directory where CGI
# scripts are allowed.
# The first parameter will be part of the URL to your installation e.g.
# http://my.co.uk/twiki/bin/view/...
# The second parameter must point to the physical path on your disc.
ScriptAlias /twiki/bin "/site/users/ssl.sakura.nani.no/www/data/twiki/bin"

# The Alias defines a url that points to the root of the twiki installation.
# It is used to access files in the pub directory (attachments etc)
# It must come _after_ the ScriptAlias.
Alias /twiki "/site/users/ssl.sakura.nani.no/www/data/twiki"

# This specifies the options on the TWiki scripts directory. The ExecCGI
# and SetHandler tell apache that it contains scripts. "Allow from all"
# lets any IP address access this URL.
<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/bin">
    AllowOverride All
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess

    Options ExecCGI FollowSymLinks
    SetHandler cgi-script

    # Password file for TWiki users
    AuthUserFile /site/users/ssl.sakura.nani.no/www/data/twiki/data/.htpasswd
    AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
    AuthType Basic
    
    # File to return on access control error (e.g. wrong password)
    # By convention this is the TWikiRegistration page, that allows users
    # to register with the TWiki. Apache requires this to be a *local* path.
    ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration

# Limit access to configure to specific IP addresses and or users.
# Make sure configure is not open to the general public.
# It exposes system details that can help attackers.
<FilesMatch "^(configure)$">
    SetHandler cgi-script
    Order Deny,Allow
    Deny from All   
    Allow from localhost 80.203.46.164 

</FilesMatch>

# Enable mod_perl for the bin scripts listed

#<FilesMatch "(attach|edit|manage|rename|save|upload|view|.*auth).*">
#    SetHandler perl-script
#    PerlResponseHandler ModPerl::Registry
#    PerlSendHeader On
#    PerlOptions +ParseHeaders
#</FilesMatch>

</Directory>

# This sets the options on the pub directory, which contains attachments and
# other files like CSS stylesheets and icons. AllowOverride None stops a
# user installing a .htaccess file that overrides these options.
# Note that files in pub are *not* protected by TWiki Access Controls,
# so if you want to control access to files attached to topics you need to
# block access to the specific directories same way as the ApacheConfigGenerator
# blocks access to the pub directory of the Trash web
<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/pub">
    Options None
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess

    # Disable execusion of PHP scripts
    php_admin_flag engine off

    # This line will redefine the mime type for the most common types of scripts
    # It will also deliver HTML files as if they are text files
    AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi
</Directory>

# Spammers are known to attach their stuff and then move it to trash where it remains unnoticed.
# We prevent viewing any attachments directly from pub
<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/pub/Trash">
	deny from all
</Directory>

# Security note: All other directories should be set so
# that they are *not* visible as URLs, so we set them as =deny from all=.
<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/data">
    deny from all
</Directory>

<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/templates">
    deny from all
</Directory>

<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/lib">
    deny from all
</Directory>

<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/locale">
    deny from all
</Directory>

<Directory "/site/users/ssl.sakura.nani.no/www/data/twiki/tools">
    deny from all
</Directory>