Difference: TWikiAccessControl (37 vs. 38)

Revision 382009-11-07 - TWikiContributor

-<
<
  TWiki Access Control 

Restricting read and write access to topics and webs, by Users and groups
 See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.
-<
<
+ Controlling access to Attachments
->
>
+ Securing File Attachments
-<
<
+Attachments are referred to directly, and are not normally indirected via TWiki scripts. This means that the above instructions for access control will not apply to attachments. It is possible that someone may inadvertently publicise a URL that they expected to be access-controlled.
->
>
+By default, TWiki does not secure file attachments. Without making the following changes to the twiki.conf file, it is possible for anyone who has access to the server to gain access to an attachment if they know the attachment's fully qualified path, even though access to the topic associated with the attachment is secured. This is because attachments are referred to directly by Apache, and are not by default delivered via TWiki scripts. This means that the above instructions for controlling to topics do not apply to attachments unless you make the changes as described below.
-<
<
+The easiest way to apply the same access control rules for attachments as apply to topics is to use the Apache mod_rewrite module, and configure your webserver to redirect accesses to attachments to the TWiki viewfile script. For example,
->
>
+An effective way to secure attachments is to apply the same access control settings to attachments as those applied to topics. This security enhancement can be accomplished by instructing the webserver via Apache's mod_rewrite module to redirect accesses to attachments via  the TWiki viewfile script, which honors the TWiki access controls settings to topics.

The preferred method to secure attachments is by editing the twiki.conf file to include:
     ScriptAlias /twiki/bin/ /filesystem/path/to/twiki/bin/
    Alias /twiki/pub/       /filesystem/path/to/twiki/pub/

    RewriteEngine on
-<
<
+    RewriteCond %{REQUEST_URI} !^/+twiki/+pub/+TWiki/+.+
    RewriteRule ^/+twiki/+pub/+([^/]+)/+((([^/]+)/+)+)(.+) /twiki/bin/viewfile/$1/$4?filename=$5 [L,PT]
->
>
+    RewriteCond %{REQUEST_URI} !^/+twiki/+pub/+(TWiki|Sandbox)/+.+
    RewriteRule ^/+twiki/+pub/+(.*)$  /twiki/bin/viewfile/$1 [L,PT]
-<
<
+That way all the controls that apply to the topic also apply to attachments to the topic. Other types of webserver have similar support.

Note: Images embedded in topics will load much slower since each image will be delivered by the viewfile script.
->
>
+Notes: 
 You can use TWiki:TWiki/ApacheConfigGenerator to generate the Apache config file for TWiki.
  You will need to restart your Apache server after this change.
  Images embedded in topics will load slower since attached images will also be delivered by the viewfile script. The TWiki web and Sandbox web are excluded for performance reasons.
  As an alternative to editing the twiki.conf file used by Apache, you can make the same change directly to the .htaccess file in the /twiki/bin directory.
  The viewfile script sets the mime type based upon file name suffix. Unknown types are served as text/plain which can result in corrupt files.
  Controlling who can manage top-level webs

View topic | History: r44 < r43 < r42 < r41 | More topic actions...

Copyright © 1999-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding ARC TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiAccessControl.