security

Differences

This shows you the differences between two versions of the page.

security [2019-03-18 13:20]
kondurake Protect /vendor/ directory
security [2020-07-17 19:41] (current)
bactram spelling
Line 64: Line 64:
 </code> </code>
  
-**Remark** : Using apache2 on Ubuntu, the .htaccess does not work until you activate the 'mod_rewrite' in apache2 (sudo a2enmod rewrite && sudo service apache2 restart)+**Remark**: Using apache2 on Ubuntu, the .htaccess does not work until you activate the 'mod_rewrite' in apache2 (sudo a2enmod rewrite && sudo service apache2 restart)
  
 It seems that Apache2 in general, or it might be specifically to Ubuntu, is configured slightly differently than Apache1.x. It seems that Apache2 in general, or it might be specifically to Ubuntu, is configured slightly differently than Apache1.x.
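Review bot: The command in the changed **Remark** line is still plain running text inside parentheses, which makes it easy to miscopy. Since the line is being touched anyway, put "sudo a2enmod rewrite && sudo service apache2 restart" in the wiki's monospace markup or a <code> block, as the rest of the page does for configuration.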
Line 217: Line 217:
 ==== Deny Directory Access in Lighttpd ==== ==== Deny Directory Access in Lighttpd ====
  
-Using a [[http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModRewrite|URL re-write]] you can deny access to the above directories. In your lighttpd.conf file adding the following URL rewrite rule should be sufficient to keep people out((Unfortunately it does not not when people are using [[https://vivaldi.com/|Vivaldi]] and probably other chromium based browsers. When combined with "mod_accessit does keep people out.)) . It suppose your Dokuwiki files are installed under http://yourwebsite.tld/dokuwiki/. Don't forget to uncomment ''//"mod_rewrite"//'' in the ''//server.modules//'' section.+Using a [[[[https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModRewrite||URL re-write]] you can deny access to the above directories. In your /etc/lighttpd/lighttpd.conf file adding the following URL rewrite rule should be sufficient to keep people out. It supposes your Dokuwiki files are installed under http://yourwebsite.tld/dokuwiki/
 +  url.rewrite-once = "^/dokuwiki/(data|conf|bin|inc|vendor)/+." => "/nonexistentfolder"
 +Don't forget to uncomment or add “mod_rewrite” in the server.modules section of /etc/lighttpd/lighttpd.conf. It should look like this: 
 +  server.modules += ( 
 +    "mod_compress", 
 +    "mod_dirlisting", 
 +    "mod_staticfile", 
 +    "mod_rewrite", 
 +  ) 
 +Unfortunately it does not keep people out who are using Vivaldi and probably other Chromium based browsers. When combined with “[[https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess|mod_access]]” it does keep people out. More mod_access examples are available [[https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess|here]].\\ 
 +In /etc/lighttpd/lighttpd.conf "mod_accessshould be in the "server.modules = (" section. Also add
 <code> <code>
-url.rewrite-once = ( "^/dokuwiki/(data|conf|bin|inc|vendor)/+.*" => "/nonexistentfolder"+$HTTP["url"] =~ "^/dokuwiki/(data|conf|bin|inc|vendor)/+."
-</code> +url.access-deny = ("")
- +
-Or use ''//"mod_access"//''. More examples available [[http://redmine.lighttpd.net/wiki/lighttpd/Docs:ModAccess|here]]. +
-<code> +
-$HTTP["url"] =~ "^/dokuwiki/(data|conf|bin|inc|vendor)/+.*" { +
-    url.access-deny = ("")+
 } }
 </code> </code>
 +to /etc/lighttpd/lighttpd.conf.\\ 
 +\\ 
 +Restart lighttpd with systemctl reload-or-restart lighttpd and check the status with systemctl status lighttpd
 ==== Deny Directory Access in Nginx ==== ==== Deny Directory Access in Nginx ====
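Review bot: The two lighttpd snippets on the new side are not valid as written. The url.rewrite-once line has lost the opening parenthesis the old revision had; lighttpd expects a list there, i.e. url.rewrite-once = ( "pattern" => "/nonexistentfolder" ). The $HTTP["url"] line no longer ends with the opening {, while the closing } is still present, so the url.access-deny block is unbalanced. Both patterns also changed from /+.* to /+. which requires at least one character after the slash and so no longer matches a request for the bare directory, such as /dokuwiki/data/; keep .* unless that change is intended. Smaller points: the first link has doubled [[ and || and will not render, server.modules is shown with += in the example but as "server.modules = (" in the following sentence, and the Vivaldi sentence gives no reason why a server-side rule would depend on the browser, so either state what was observed or drop it.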
  
Line 297: Line 304:
 ==== Move Directories out of DocRoot ==== ==== Move Directories out of DocRoot ====
  
-The most secure way to avoid any access to  the mentioned directories is to move them outside the so called "Document Root" of your Webserver.+The most secure way to avoid any access to  the mentioned directories is to move them outside the so called "Document Root" of your Webserver. This is usually not needed if you followed the guides above and requires a bit more understanding on how webserver and DokuWiki works. None-the-less it is the safest way to secure your DokuWiki install regardless of the used webserver.
  
 **__WARNING:__** If you are planning to use the [[installer]], you need to install your wiki executing the install.php script first before you can do this step. If the Move Directories operation is done before, the installer execution will fail. **__WARNING:__** If you are planning to use the [[installer]], you need to install your wiki executing the install.php script first before you can do this step. If the Move Directories operation is done before, the installer execution will fail.
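Review bot: The text added to the first paragraph under "Move Directories out of DocRoot" needs a grammar pass: "how webserver and DokuWiki works" should read "how the webserver and DokuWiki work", and "None-the-less" is normally written "Nonetheless". The closing sentence also restates the paragraph's opening claim ("most secure way" and then "safest way"); consider folding "regardless of the used webserver" into the first sentence and keeping only the new point, that this step is optional once the guides above have been followed.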
security.1552911606.txt.gz · Last modified: 2019-03-18 13:20 by kondurake