That sure does Jeff. Have a happy New Year. -al
________________________________
From: Jeffrey T. Darlington <jeff(a)gpf-comics.com>
To: Al Johnson <alj62888(a)yahoo.com>om>; MediaWiki announcements and site admin list
<mediawiki-l(a)lists.wikimedia.org>
Sent: Tuesday, December 25, 2012 8:05 PM
Subject: Re: [MediaWiki-l] Can I turn-off wiki exports?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/25/2012 9:04 PM, Al Johnson wrote:
Thanks. I need the API for backend processes, but I
figure I could block public access to it's URL from Apache, although that's just a
guess as I'm a novice.
There are a number of ways to restrict access. Personally, I use
Apache's mod_rewrite, mostly because I have a lot of other rules already
in place. There are probably more efficient, lighter-weight methods you
could use.
To restrict access to the API to a hard-coded list of IPs, you could do
something like the following. Assuming you which to provide API access
to your local LAN with a Class C subnet of 192.168.1.x and you have
automated jobs on the same box using the loopback address, the following
will allow those IPs but block everyone else:
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\. # If not Local LAN IPs
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$ # If not loopback
RewriteRule ^/wikix?/api\.php - [F,L] # Forbid everyone else
The following politely redirects all requests for Special:Export back to
the wiki's root (main page), rather than sending a forbidden error.
Note that (a) in this example, I'm using the "Short URL" setup where
/wiki is the short path and /wikix is the raw path; (b) the first rule
performs the redirect for the short URL; and (c) the second and third
lines perform the raw URL redirect, which requires poking around on the
query string.
RewriteRule ^/wiki/Special:Export /wiki/ [R=permanent,L]
RewriteCond %{QUERY_STRING} Special:Export
RewriteRule ^/wikix/.* /wiki/ [R=permanent,L]
These can be prefaced with RewriteCond lines that can perform IP or
other forms of filtering as well.
Of course, as previously stated, as long as the wiki is publicly
accessible you can't stop scraping of the final rendered HTML. These
just block API access and the built-in export mechanism.
Hope that helps...
- --
Jeffrey T. Darlington
General Protection Fault
http://www.gpf-comics.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with undefined -
http://www.enigmail.net/
iEYEARECAAYFAlDaaZIACgkQVNMIBILmfwEtgQCgpLAQJ3u/pnDfyWE8V0vaUFJl
vlIAn3FoIm7oVuo94tk1gaCfLuoNPZW9
=VRL2
-----END PGP SIGNATURE-----