Securing single Wiki Pages with a Password#


Securing single JSPWiki pages with a password.


Apache Webserver with mod_proxy, mod_rewrite, mod_auth


Create two ProxyPass sections for your JSPWiki - one for the normal access and one for the secured access. This can be achieved like this:

# Don't make your apache an open web proxy
ProxyRequests off
# Normal world accessible
ProxyPass		/wiki/	http://localhost:8080/JSPWiki/
ProxyPassReverse	/wiki/	http://localhost:8080/JSPWiki/
# Secured access
ProxyPass		/swiki/	http://localhost:8080/JSPWiki/
ProxyPassReverse	/swiki/	http://localhost:8080/JSPWiki/

Then add a rewrite rule that redirects all access to pages with a special string in the name to the secured ReverseProxy:

	RewriteLog      "/var/log/apache2/rewrite_log"
        RewriteLogLevel 0

        RewriteEngine On
        # RewriteLog    /var/log/apache2/rewrite_log
        # RewriteLogLevel       5
        RewriteCond             %{QUERY_STRING} ^.*WSecure.*$
        RewriteRule             ^/wiki/(.*)$    /swiki/$1       [R,L]
This will redirect all wiki pages which contain the String "WSecure" in the page name to the secure area.

Finally protect the secured area by password:

<Location /swiki/*>
        AuthType Basic
        AuthName "Restricted/Private Area. Please provide password!"
        AuthUserFile  /srv/www/auth_user_file
        require valid-user

This will protect the access to the reverse proxy /swiki/ with a password and thus all pages containing the secured string in the page name will be protected by password. You can choose any string you want as the secure indicator. But make sure it doesn't appear in the name of pages you don't want to protect.

Back to Category Tips

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 28-Apr-2008 21:51 by yosih