• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
• Use
Item7848 for generic doc work for TWiki-6.1.1. Use Item7851 for doc work on extensions that are not part of a release. More... Close • Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
• Does this site look broken?. Use the LitterTray web for test cases.
Item3572: Typo in bin/.htaccess template that breaks authentication
Item Form Data
| AppliesTo: | Component: | Priority: | CurrentState: | WaitingFor: | TargetRelease | ReleasedIn |
|---|---|---|---|---|---|---|
| Engine | .htaccess template, configure | Normal | Closed | patch | 4.1.2 |
Edit Form Data
Detail
I have had the same problem as described in TWiki:Support.ConfigureAuthentication
- I cannot access the configure script. I have found the problem.
It is a problem in the .htaccess template - more specifically, the line "Allow from 127.0.0.1, 198.186.1.0".
I have found that separating IP numbers with a comma (e.g. 127.0.0.1, 198.186.1.0) caused failure to authenticate. Separating with spacebar (127.0.0.1 198.186.1.0) worked. You can also do wildcards, e.g. "198.186." will actually work (good for dialup modem users or non-static IPs).
So maybe someone should edit the bin/.htaccess template (for the next release) and remove the comma.
While someone is editing that template, they may want to make another improvement. The area regarding anonymous_spider could include a more comprehensive list of browser agents from TWiki:TWiki.ApacheConfigGenerator. Below is what I am using successfully:
- 06 Feb 2007
Thanks Eric. I made the modifications, is now in MAIN and Patch04x01 branches. Rather than listing all spiders I added a pointer to TWiki:TWiki/ApacheConfigGenerator because that list will change over time.
-- TWiki:Main.PeterThoeny - 06 Feb 2007
Great, thanks.
-- TWiki:Main.EricWoods - 07 Feb 2007
Closed with release of 4.1.2
KJL
- I cannot access the configure script. I have found the problem.
It is a problem in the .htaccess template - more specifically, the line "Allow from 127.0.0.1, 198.186.1.0".
I have found that separating IP numbers with a comma (e.g. 127.0.0.1, 198.186.1.0) caused failure to authenticate. Separating with spacebar (127.0.0.1 198.186.1.0) worked. You can also do wildcards, e.g. "198.186." will actually work (good for dialup modem users or non-static IPs).
So maybe someone should edit the bin/.htaccess template (for the next release) and remove the comma.
While someone is editing that template, they may want to make another improvement. The area regarding anonymous_spider could include a more comprehensive list of browser agents from TWiki:TWiki.ApacheConfigGenerator. Below is what I am using successfully:
# We set an environment variable called blockAccess # Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from # including its own topics as URLs and also prevents other TWikis from # doing the same. This is important to prevent the most obvious # Denial of Service attacks. # You can expand this by adding more BrowserMatchNoCase statements to # block evil browser agents trying the impossible task of mirroring a twiki # Example: # BrowserMatchNoCase ^SiteSucker blockAccess # BrowserMatchNoCase ^$ blockAccess # This list is from http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator #Block access from badly behaving robots and site sucking type programs. BrowserMatchNoCase ^SiteSucker blockAccess BrowserMatchNoCase ^iGetter blockAccess BrowserMatchNoCase ^larbin blockAccess BrowserMatchNoCase ^LeechGet blockAccess BrowserMatchNoCase ^RealDownload blockAccess BrowserMatchNoCase ^Teleport blockAccess BrowserMatchNoCase ^Webwhacker blockAccess BrowserMatchNoCase ^WebDevil blockAccess BrowserMatchNoCase ^Webzip blockAccess BrowserMatchNoCase ^Attache blockAccess BrowserMatchNoCase ^SiteSnagger blockAccess BrowserMatchNoCase ^WX_mail blockAccess BrowserMatchNoCase ^EmailCollector blockAccess BrowserMatchNoCase ^WhoWhere blockAccess BrowserMatchNoCase ^Roverbot blockAccess BrowserMatchNoCase ^ActiveAgent blockAccess BrowserMatchNoCase ^EmailSiphon blockAccess BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess BrowserMatchNoCase ^$ blockAccess # Now set default access rights. Order Allow,Deny Allow from all Deny from env=blockAccess-- TWiki:Main/EricWoods
- 06 Feb 2007
Thanks Eric. I made the modifications, is now in MAIN and Patch04x01 branches. Rather than listing all spiders I added a pointer to TWiki:TWiki/ApacheConfigGenerator because that list will change over time.
-- TWiki:Main.PeterThoeny - 06 Feb 2007
Great, thanks.
-- TWiki:Main.EricWoods - 07 Feb 2007
Closed with release of 4.1.2
KJL
| ItemTemplate | |
|---|---|
| Summary | Typo in bin/.htaccess template that breaks authentication |
| ReportedBy |
TWiki:Main.EricWoods
|
| Codebase | 4.0.5, 4.1.1 |
| SVN Range | TWiki-4.1.1, Sun, 04 Feb 2007, build 12769 |
| AppliesTo | Engine |
| Component | .htaccess template, configure |
| Priority | Normal |
| CurrentState | Closed |
| WaitingFor | |
| Checkins | 12783 12784 |
| TargetRelease | patch |
| ReleasedIn | 4.1.2 |
Topic revision: r6 - 2007-03-04 - KennethLavrsen
Site map
Bugs web
Create New Report
Index
Search
Detailed Items Query
Changes
100
Notifications
RSS Feed
Statistics
Preferences
Bugs 
Items by urgency
My Reports
Recently Closed
Extensions
By Status 
Waiting for Feedback
Confirmed
Being Worked On
Waiting for Release
No Action Required
Lima 
Fixes for Rel.Notes
Create Feature Request
Account 
Copyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback