Hello Serverinos!

After configuring and running a web-server with apache2, PHP installation and MySQL setup + a MediaWiki installation etc. blah I now run into some problems/security questions.

1.) Block access/display to/of critical files

If I run a text-editor to edit a settings file .php, the editor (I use jed) always creates a backup named filename.php~
this backup is READABLE! by everybody who types that URL in their browser. that is f.e. the file localhost/mediawiki/LocalSettings.php~

Well I don't have to tell you, what plain stuff there could be read!

How can I get rid of this? Don't tell me the texteditor settings have to change. I mean access rights to those .php~ .html~ etc. files.

2.) Limit access in general

How can I set only very few valid entrypoints, and every other access is forbidden? I don't want ppl to go on f.e. localhost/mediawiki/maintenance/purge.php ... even if it does nothing, I don't want it! How to set?

3.) Display correct URL in browser?

The entry point is localhost/mediawiki/index.php. index.php is always shown, how can I turn this off? It looks noobish... No greater wiki site I know has this displayed. Even further URLs display the index.php, f.e. localhost/mediawiki/index.php/Coding

4.) How to setup SSL (https://) capability? If of any use?

Thx in advance!

Regards
marquisor

Hi,

1. You can use:
2. Usually normal users in those wikis are allowed access in specific directories. Only admins can access the maintenance/configuration directories and only after authentication.

3. Add index.php in the DirectoryIndex directive of your server.

4. If you think you need https, read your distro's documentation about adding ssl support in apache.

Regards