
Item3572: Typo in bin/.htaccess template that breaks authentication

Item Form Data

AppliesTo: Engine
Component: .htaccess template, configure
Priority: Normal
CurrentState: Closed
WaitingFor:
TargetRelease: patch
ReleasedIn: 4.1.2


Detail

I have had the same problem as described in TWiki:Support.ConfigureAuthentication - I cannot access the configure script. I have found the problem.

It is a problem in the .htaccess template - more specifically, the line "Allow from 127.0.0.1, 198.186.1.0".

I have found that separating IP numbers with a comma (e.g. 127.0.0.1, 198.186.1.0) caused failure to authenticate. Separating with spacebar (127.0.0.1 198.186.1.0) worked. You can also do wildcards, e.g. "198.186." will actually work (good for dialup modem users or non-static IPs).

So maybe someone should edit the bin/.htaccess template (for the next release) and remove the comma.

While someone is editing that template, they may want to make another improvement. The area regarding anonymous_spider could include a more comprehensive list of browser agents from TWiki:TWiki.ApacheConfigGenerator. Below is what I am using successfully:


# We set an environment variable called blockAccess
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a twiki
# Example:
# BrowserMatchNoCase ^SiteSucker blockAccess
# BrowserMatchNoCase ^$ blockAccess

# This list is from http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator
#Block access from badly behaving robots and site sucking type programs.
BrowserMatchNoCase ^SiteSucker blockAccess
BrowserMatchNoCase ^iGetter blockAccess
BrowserMatchNoCase ^larbin blockAccess
BrowserMatchNoCase ^LeechGet blockAccess
BrowserMatchNoCase ^RealDownload blockAccess
BrowserMatchNoCase ^Teleport blockAccess
BrowserMatchNoCase ^Webwhacker blockAccess
BrowserMatchNoCase ^WebDevil blockAccess
BrowserMatchNoCase ^Webzip blockAccess
BrowserMatchNoCase ^Attache blockAccess
BrowserMatchNoCase ^SiteSnagger blockAccess
BrowserMatchNoCase ^WX_mail blockAccess
BrowserMatchNoCase ^EmailCollector blockAccess
BrowserMatchNoCase ^WhoWhere blockAccess
BrowserMatchNoCase ^Roverbot blockAccess
BrowserMatchNoCase ^ActiveAgent blockAccess
BrowserMatchNoCase ^EmailSiphon blockAccess
BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
BrowserMatchNoCase ^$ blockAccess

# Now set default access rights.
Order Allow,Deny
Allow from all
Deny from env=blockAccess

-- TWiki:Main/EricWoods - 06 Feb 2007
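
An added example, not part of the original report or of TWiki's code: a small Python check that flags "Allow from" / "Deny from" lines whose host list is comma-separated (the mistake described in the report above) and suggests the space-separated form. The function name and the sample .htaccess text are constructed for illustration.

```python
import re

# Matches "Allow from ..." / "Deny from ..." access lines (case-insensitive).
# "Order Deny,Allow" is deliberately not matched: its comma is legitimate.
DIRECTIVE = re.compile(r"^(\s*)(allow|deny)\s+from\s+(.*?)\s*$", re.IGNORECASE)


def lint_access_lines(htaccess_text):
    """Return (line_number, original, suggested) for each Allow/Deny line
    whose host list uses commas instead of spaces."""
    findings = []
    for number, line in enumerate(htaccess_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives have no effect
        match = DIRECTIVE.match(line)
        if not match or "," not in match.group(3):
            continue
        indent, verb, hosts = match.groups()
        # Split on commas and/or whitespace, drop empties, rejoin with spaces.
        tokens = [t for t in re.split(r"[,\s]+", hosts) if t]
        suggested = f"{indent}{verb} from {' '.join(tokens)}"
        findings.append((number, line, suggested))
    return findings


# Constructed sample; line 4 is the Allow line quoted in the report.
SAMPLE = """\
# Allow from 10.0.0.1, 10.0.0.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1, 198.186.1.0
Allow from 198.186.
Deny from env=blockAccess
"""

if __name__ == "__main__":
    for number, original, suggested in lint_access_lines(SAMPLE):
        print(f"line {number}: {original.strip()!r} -> {suggested!r}")
```

Running it over a deployed bin/.htaccess before relying on the configure restriction shows whether the address list has the comma form the report found to break authentication.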

Thanks Eric. I made the modifications; they are now in the MAIN and Patch04x01 branches. Rather than listing all spiders, I added a pointer to TWiki:TWiki/ApacheConfigGenerator because that list will change over time.

-- TWiki:Main.PeterThoeny - 06 Feb 2007

Great, thanks.

-- TWiki:Main.EricWoods - 07 Feb 2007

Closed with release of 4.1.2

KJL

ItemTemplate
Summary Typo in bin/.htaccess template that breaks authentication
ReportedBy TWiki:Main.EricWoods
Codebase 4.0.5, 4.1.1
SVN Range TWiki-4.1.1, Sun, 04 Feb 2007, build 12769
AppliesTo Engine
Component .htaccess template, configure
Priority Normal
CurrentState Closed
WaitingFor

Checkins 12783 12784
TargetRelease patch
ReleasedIn 4.1.2
Topic revision: r6 - 2007-03-04 - KennethLavrsen
 