# Example twiki.conf file to configure Apache for TWiki.
#
# You can base your Apache configuration for TWiki on this example
# file, but you are invited to use the Apache config generator at
# http://twiki.org/cgi-bin/view/TWiki/ApacheConfigGenerator
# to easily create an Apache conf file specific to your needs.
# Copy the generated content into a twiki.conf file and put it into
# the shared conf directory, typically at /etc/httpd/conf.d or
# /etc/apache2/conf.d.

# NOTE: If you use Apache 2.4 or later make sure to enable CGI
# in the primary apache configuration file (mod_cgi or mod_cgid).

# The first parameter will be part of the URL to your installation e.g.
# http://example.com/twiki/bin/view/...
#### You can change the first parameter to a short /do -- this parameter
#    and {ScriptUrlPath} configure setting must be the same.
# The second parameter must point to the physical path on your disk.
#### Change the _second_ path to match your local installation
ScriptAlias /twiki/bin "/home/httpd/twiki/bin"

# This defines a url that points to the twiki pub directory, which contains
# attachments and other files like CSS stylesheets and icons. 
#### Change the path to match your local installation
Alias /twiki/pub "/home/httpd/twiki/pub"

# Block access to typical spam related attachments (.htm and .html files)
# Except the TWiki directory which is read only and does have attached html files.
# You should uncomment the two lines below if the TWiki is on the public Internet
#SetEnvIf Request_URI "twiki/pub/.*\.[hH][tT][mM]?$" blockAccess
#SetEnvIf Request_URI "twiki/pub/TWiki/.*\.[hH][tT][mM]?$" !blockAccess

# We set an environment variable called blockAccess.
#
# Setting a BrowserMatchNoCase to ^$ is important. It prevents TWiki from
# including its own topics as URLs and also prevents other TWikis from
# doing the same. This is important to prevent the most obvious
# Denial of Service attacks.
#
# You can expand this by adding more BrowserMatchNoCase statements to
# block evil browser agents trying the impossible task of mirroring a TWiki.
# http://twiki.org/cgi-bin/view/TWiki.ApacheConfigGenerator has a good list
# of bad spiders to block.
#
# Example:
# BrowserMatchNoCase ^SiteSucker blockAccess
BrowserMatchNoCase ^$ blockAccess

# This specifies the options on the TWiki scripts directory. The ExecCGI
# and SetHandler tell apache that it contains scripts. "Allow from all"
# lets any IP address access this URL.

#### Change the path to match your local installation
<Directory "/home/httpd/twiki/bin">
	AllowOverride None
# NOTE: For Apache 2.4 and later use "Require all granted" instead of the next two lines:
	Order Allow,Deny
	Allow from all
	Deny from env=blockAccess

	Options ExecCGI FollowSymLinks
	SetHandler cgi-script

	# Password file for TWiki users
	AuthUserFile /home/httpd/twiki/data/.htpasswd
	AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)'
	AuthType Basic
	
	# File to return on access control error (e.g. wrong password)
	# By convention this is the TWikiRegistration page, that allows users
	# to register with the TWiki. Apache requires this to be a *local* path.
	# Comment this out if you setup TWiki to completely deny access to TWikiGuest
	# in all webs or change the path to a static html page.
	ErrorDocument 401 /twiki/bin/view/TWiki/TWikiRegistration
	# Alternatively if your users are all known to be registered you may want
	# to redirect them to the ResetPassword page.
	# ErrorDocument 401 /twiki/bin/view/TWiki/ResetPassword

# When using Apache type login the following defines the TWiki scripts
# that makes Apache ask the browser to authenticate. It is correct that
# scripts such as view, resetpasswd & passwd are not authenticated.
# (un-comment to activate)
#<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|rest|.*auth).*">
#	require valid-user
#</FilesMatch>

</Directory>


# This sets the options on the pub directory, which contains attachments and
# other files like CSS stylesheets and icons. AllowOverride None stops a
# user installing a .htaccess file that overrides these options.
# Finally all execution of PHP and other scripts is disabled.

# Note that files in pub are *not* protected by TWiki Access Controls,
# so if you want to control access to files attached to topics, you may
# need to add your own .htaccess files to subdirectories of pub. See the
# Apache documentation on .htaccess for more info.

#### Change the path to match your local installation
<Directory "/home/httpd/twiki/pub">
    #if you are using an svn checkout an pseudo-install.pl, you will need to enable symlinks
    #Options FollowSymLinks
	Options None
	AllowOverride Limit
# NOTE: For Apache 2.4 and later use "Require all granted" instead of the next two lines:
	Order Allow,Deny
	Allow from all
	
	# If you have PHP4 or PHP5 installed as Apache module make sure the directive below is enabled
	# If you do not have PHP installed you will need to comment out the directory below
	# to avoid errors.
	# If PHP is installed as CGI this flag is not needed and will in fact make Apache fail
	php_admin_flag engine off
	
	# If you have PHP3 installed as Apache module make sure the directive below is enabled
	# If PHP is installed as CGI this flag is not needed and will in fact make Apache fail
	#php3_engine off

	# This line will redefine the mime type for the most common types of scripts
	AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
</Directory>