On Thu, 3 Feb 2005, Kake L Pugh wrote:
On Thu 03 Feb 2005, Jo Walsh <jo(a)frot.org>
wrote:
briefly, i set up an OG for some collaborators;
they're now
threatening to switch to a different wiki, and make the existing one
read-only, because the spam problem is so bad.
the time/energy i want to devote to fixing this, is minimal.
Put something like this in .htaccess in the same directory as the wiki.cgi:
<Limit POST>
Order deny,allow
Deny from all
AuthType Basic
AuthName "Username: "
AuthUserFile /home/kake/.htpasswd-openguides
require valid-user
satisfy any
</Limit>
All the edit forms are POST. I think there is a POST search form as
well, but this really needs changing to GET - there's no reason for
search results not to be linkable to, and a search doesn't change
data. Um, hack that in your version pending a fix in the distro. I
wouldn't normally recommend that, but you seem to be in dire straits,
and it's a bugfix which will go in at some point.
They won't get the auth request until after they've submitted the edit
form though. I think (but have not tested this) that you can get
around this by making a little login.cgi that's protected by the same
htpasswd file and adding a link to this somewhere.
i found with CGI:Wiki:Kwiki that this caused errors when it asked you to
authenticate on an edit for the first time in that session it would lose
the edit. Since the wiki was just for my own use i limited it by ip in
apache.
like this
<Limit POST>
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
Allow from yyy.yyy.yyy.yyy
</Limit>
since there are basically only two places i edit it from and if im not at
those places i can login to them easily enuff.
This is fine given a limted set of users.
http://randomness.org.uk/wiki/?node=WikiSpam
and you will note that you cant make edits :)
--
Bob Walker
http://www.randomness.org.uk/
Plain Digestives. The biscuit for choice!