Instiki
Htaccess Authorization

Using .htaccess to restrict editing with instiki-ar

The advantage of requiring authentication for editing, instead of using the “published” web files, is that it retains searching, subscription links, etc. while preventing spam and such. Also, if you’re like me and operating on a restricted shared server, fancy tricks are not an option.

Using instiki-ar (beta1) I was able to restrict editing using HTTP auth through Apache in three steps:

  1. Copy dispatch.cgi to edit.cgi
  2. Add a rewrite rule to rewrite all /edit/ URLs to point to edit.cgi
  3. Enable authorization for edit.cgi.

I found that symbolically linking dispatch.cgi did not work; I had to copy the file (even with FollowSymLinks enabled).

I then added these rewrite rules to the .htaccess file in the public dir:

RewriteEngine On
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} .*/edit/.*
RewriteRule ^(.*)$ edit.cgi [QSA,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ dispatch.cgi [QSA,L]

Then add whatever Auth lines you want, requiring authentication for edit.cgi. My Auth rules were:

AuthAuthoritative on
AuthUserFile /path_to_instiki_home/.htpasswd
AuthName 'Editing Restricted'
AuthType Basic

<FilesMatch "edit.cgi">
    Require valid-user
</FilesMatch>
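
To check which requests actually end up behind the Require line, here is a small model of the routing decision made by the rules above (an added example, not part of the original page or of Instiki). The sample paths, the /web/action/page layout and the set of write actions are assumptions; the two .html rules and the !-f test are simplified to a lookup in a set of existing files.

```python
import re

# The page's RewriteCond pattern: mod_rewrite applies it as an unanchored
# regex search against the request path (REQUEST_URI has no query string).
EDIT_COND = re.compile(r".*/edit/.*")

def handler_for(uri, existing_files=frozenset()):
    """Return what serves the request under the page's rules.

    Simplified model: 'existing_files' stands in for the
    RewriteCond %{REQUEST_FILENAME} !-f test in the public dir.
    """
    path = uri.split("?", 1)[0]
    if path in existing_files:
        return "static"        # !-f fails, neither CGI rule fires
    if EDIT_COND.search(path):
        return "edit.cgi"      # covered by FilesMatch: Require valid-user
    return "dispatch.cgi"      # no Require line applies here

def audit(uris, write_actions, existing_files=frozenset()):
    """List requests for a write action that do not pass through edit.cgi."""
    findings = []
    for uri in uris:
        parts = uri.split("?", 1)[0].strip("/").split("/")
        action = parts[1] if len(parts) > 1 else "show"
        if action in write_actions and handler_for(uri, existing_files) != "edit.cgi":
            findings.append(uri)
    return findings

# Constructed sample paths in the assumed form /<web>/<action>/<page>.
SAMPLE_URIS = [
    "/wiki/show/HomePage",
    "/wiki/edit/HomePage",
    "/wiki/edit/HomePage?draft=1",
    "/wiki/save/HomePage",
    "/wiki/new/NewPage",
    "/stylesheets/site.css",
]
WRITE_ACTIONS = {"edit", "save", "new"}   # assumed set of write actions
EXISTING = {"/stylesheets/site.css"}      # constructed static file

if __name__ == "__main__":
    for u in SAMPLE_URIS:
        print(f"{u:30} -> {handler_for(u, EXISTING)}")
    print("write requests not behind edit.cgi:",
          audit(SAMPLE_URIS, WRITE_ACTIONS, EXISTING))
```

If the audit lists any path for your installation, widen the RewriteCond pattern so that those actions are also rewritten to edit.cgi.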