Instiki
Authorization (changes)

Showing changes from revision #7 to #8: Added | Removed

Simple Authentication and Authorization Using Apache

This is a solution I came up while using Apache 2 to proxy requests to Instiki:

<Virtualhost *:80>
        ServerName wiki.foo.bar

        ProxyRequests Off
        <Proxy *>
                Order Allow,Deny
                Allow from all
        </Proxy>

        <Location "/">
                AuthName "My Secure Wiki" 
                AuthType Basic
                Require valid-user
                AuthUserFile /home/wikiowner/instiki/wiki-aut-users
                ProxyPass http://foo.bar:2500/
                ProxyPassReverse http://foo.bar:2500/
        </Location>
</Virtualhost>

This is similar to the setup explained in How To Use Instiki As Web Site .

I moved the Proxy Pass? and Proxy Pass Reverse? directives into a Location directive, and included some additional configuration to enable authentication:

• Auth Name : This is the text that the browser will show up in the challenge box.

• Auth Type? : Can be Basic or Digest. I’m using the Basic scheme, which sends clear text passwords.

• Require : This configuration allows any valid user to access the Location.

• Auth User File? : The file path of the user/password database. This file is generated using the htpasswd utility and only works for Basic authentication. The user/password database should be located in a non-browsable directory.

Remember that with Basic authentication the passwords are send in clear text between the browser and the server. You should consider using SSL to protect them.

For more information on Apache 2 authentication and autorization check http://httpd.apache.org/docs/2.0/howto/auth.html

Elias Rangel

You can also use .htaccess to implement authorization of edit URLs using instiki-ar: Htaccess Authorization

EthanWinn

Shouldn’t some kind of authorization be implemented inside instiki, like in other wikis, so unregistered users couldn’t edit anything?