On Thu, 3 Feb 2005, Kake L Pugh wrote:
On Thu 03 Feb 2005, Jo Walsh jo@frot.org wrote:
briefly, i set up an OG for some collaborators; they're now threatening to switch to a different wiki, and make the existing one read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal.
Put something like this in .htaccess in the same directory as the wiki.cgi:
<Limit POST> Order deny,allow Deny from all AuthType Basic AuthName "Username: " AuthUserFile /home/kake/.htpasswd-openguides require valid-user satisfy any </Limit>
All the edit forms are POST. I think there is a POST search form as well, but this really needs changing to GET - there's no reason for search results not to be linkable to, and a search doesn't change data. Um, hack that in your version pending a fix in the distro. I wouldn't normally recommend that, but you seem to be in dire straits, and it's a bugfix which will go in at some point.
They won't get the auth request until after they've submitted the edit form though. I think (but have not tested this) that you can get around this by making a little login.cgi that's protected by the same htpasswd file and adding a link to this somewhere.
i found with CGI:Wiki:Kwiki that this caused errors when it asked you to authenticate on an edit for the first time in that session it would lose the edit. Since the wiki was just for my own use i limited it by ip in apache. like this <Limit POST> Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx Allow from yyy.yyy.yyy.yyy </Limit>
since there are basically only two places i edit it from and if im not at those places i can login to them easily enuff. This is fine given a limted set of users.
http://randomness.org.uk/wiki/?node=WikiSpam and you will note that you cant make edits :)