# Autogenerated httpd.conf file for Foswiki. # Generated at http://foswiki.org/Support/ApacheConfigGenerator?vhost=192.168.99.123;port=80;dir=/var/lib/foswiki;symlink=;pathurl= /foswiki;shorterurls=disabled;engine=mod_perl;fastcgimodule=fastcgi;apver=2;allowconf=;requireconf=admin;loginmanager=Apache;htpath=/var/lib/foswiki/data;errordocument=UserRegistration;errorcustom=;phpinstalled=None;blockpubhtml=on;blocktrashpub=on;controlattach=on;blockspiders=;foswikiversion=1.0.0 # For Foswiki version 1.0.0 ServerAdmin webmaster@192.168.99.123 DocumentRoot /var/lib/foswiki ServerName 192.168.99.123 # The Alias defines a url that points to the root of the Foswiki installation. # The first parameter will be part of the URL to your installation e.g. # http://my.co.uk/foswiki/bin/view/... # The second parameter must point to the physical path on your disc. Alias /foswiki/bin "/var/lib/foswiki/bin" # The following Alias is used to access files in the pub directory (attachments etc) # It must come _after_ the ScriptAlias. # If short URLs are enabled, and any other local directories or files need to be accessed directly, they # must also be specified in an Alias statement, and must not conflict with a web name. Alias /foswiki/pub "/var/lib/foswiki/pub" # Rewriting is required for Short URLs, and Attachment redirecting to viewfile RewriteEngine on #RewriteLog "/var/log/apache/rewrite.log" #RewriteLogLevel 0 Alias /foswiki "/var/lib/foswiki" # # Dont rewrite any other /bin URLs # RewriteRule ^/+foswiki/bin/(.*)$ - [L,PT] # bin, stop rewriting # # Dont rewrite internal requests or robots.txt # RewriteCond %{IS_SUBREQ} ^true$ [OR] RewriteCond %{REQUEST_URI} ^/robots.txt$ RewriteRule .* - [L] # # Protect attachments by rewriting to the "viewfile" script # # Permit some safe exceptions to avoid viewfile overhead # Any gif/jpg/ico in /pub, and any files in /pub/System or any WebPreferences: # pass through unmodified RewriteCond %{REQUEST_URI} ^/+foswiki/pub/[^/]+\.(gif|jpe?g|ico)$ [NC,OR] RewriteCond %{REQUEST_URI} ^/+foswiki/pub/System/(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/+foswiki/pub/([^/]+/)+WebPreferences/([^/]+)$ RewriteRule ^/+foswiki/pub/.* - [L,PT] # These exceptions are risky. Permit some user content to bypass viewfile # Any gif, ico, png or jpg in any sub-directory of pub # that has the view script as the referrer (Can be spoofed!) # pass through unmodified. (If desired, uncomment all 3 lines) # Note that this does not work for short URLs because the referrer cannot be determined. #RewriteCond %{HTTP_REFERER} ^http://192.168.99.123/foswiki/bin/view.* #RewriteCond %{REQUEST_URI} ^/+foswiki/pub/([^/]+/)+([^/]+)\.(gif|ico|png|jpe?g)$ [NC] #RewriteRule ^/+foswiki/+pub/+.* - [L,PT] # Optional - do not rewrite /pub/images if ImageGalleryPlugin is installed - path is incompatible with viewfile #RewriteRule ^/+foswiki/+pub/+images/+.*$ - [L,PT] # If it makes it here, rewrite as viewfile RewriteRule ^/+foswiki/+pub/+(.*)$ /foswiki/bin/viewfile/$1 [L,PT] # Block access to typical spam related attachments # Except the Foswiki directory which is read only and does have attached html files. SetEnvIf Request_URI "/foswiki/pub/.*\.[hH][tT][mM][lL]?$" blockAccess SetEnvIf Request_URI "/foswiki/pub/System/.*\.[hH][tT][mM][lL]?$" !blockAccess # This enables access to the documents in the Foswiki root directory Order Allow,Deny Allow from all Deny from env=blockAccess PerlSwitches -wT PerlRequire /var/lib/foswiki/tools/mod_perl_startup.pl # This specifies the options on the Foswiki scripts directory. The ExecCGI # and SetHandler tell apache that it contains scripts. "Allow from all" # lets any IP address access this URL. # Note: If you use SELinux, you also have to "Allow httpd cgi support" in your SELinux policies AllowOverride None Order Allow,Deny Allow from all Deny from env=blockAccess Options +ExecCGI -FollowSymLinks SetHandler perl-script PerlResponseHandler Foswiki::Engine::Apache # Password file for Foswiki users AuthUserFile /var/lib/foswiki/data/.htpasswd AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.' AuthType Basic # File to return on access control error (e.g. wrong password) ErrorDocument 401 /foswiki/bin/view/System/UserRegistration # Limit access to configure to specific IP address(es) and user(s). # Make sure configure is not open to the general public. # It exposes system details that can help attackers. # cf. http://foswiki.org/Support/ProtectingYourConfiguration for details. SetHandler cgi-script Require user admin Satisfy All # When using Apache type login the following defines the Foswiki scripts # that makes Apache ask the browser to authenticate. It is correct that # scripts such as view are not authenticated. Require valid-user # This sets the options on the pub directory, which contains attachments and # other files like CSS stylesheets and icons. AllowOverride None stops a # user installing a .htaccess file that overrides these options. # Note that files in pub are *not* protected by Foswiki Access Controls, # so if you want to control access to files attached to topics you need to # block access to the specific directories same way as the ApacheConfigGenerator # blocks access to the pub directory of the Trash web Options None Options -FollowSymLinks AllowOverride None Order Allow,Deny Allow from all Deny from env=blockAccess ErrorDocument 404 /foswiki/bin/viewfile # This line will redefine the mime type for the most common types of scripts AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi # #add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate # reducing the load on the server significantly #IF you can, you should enable this - it _will_ improve your Foswiki experience, even if you set it to under one day. # you may need to enable expires_module in your main apache config #LoadModule expires_module libexec/httpd/mod_expires.so #AddModule mod_expires.c # # # ExpiresActive on # ExpiresDefault "access plus 11 days" # # # # Serve pre-compressed versions of .js and .css files, if they exist # Some browsers do not handle this correctly, which is why it is disabled by default # # RewriteEngine on # RewriteCond %{HTTP:Accept-encoding} gzip # RewriteCond %{REQUEST_FILENAME}.gz -f # RewriteRule ^(.*)$ %{REQUEST_URI}.gz [L,QSA] # # # RewriteEngine on # RewriteCond %{HTTP:Accept-encoding} gzip # RewriteCond %{REQUEST_FILENAME}.gz -f # RewriteRule ^([^?]*)\?(.*)$ $1.gz?$2 [L] # # # AddEncoding x-gzip .gz # AddType application/x-javascript .gz # # # AddEncoding x-gzip .gz # AddType text/css .gz # # Spammers are known to attach their stuff and then move it to trash where it remains unnoticed. # We prevent viewing any attachments directly from pub deny from all # Security note: All other directories should be set so # that they are *not* visible as URLs, so we set them as =deny from all=. deny from all deny from all deny from all deny from all deny from all deny from all # We set an environment variable called blockAccess. # # Setting a BrowserMatchNoCase to ^$ is important. It prevents Foswiki from # including its own topics as URLs and also prevents other Foswikis from # doing the same. This is important to prevent the most obvious # Denial of Service attacks. # # You can expand this by adding more BrowserMatchNoCase statements to # block evil browser agents trying the impossible task of mirroring a Foswiki # # Example: # BrowserMatchNoCase ^SiteSucker blockAccess # BrowserMatchNoCase ^$ blockAccess BrowserMatchNoCase ^$ blockAccess