Next step: Configure Foswiki | Previous step: Configure the locations of the Perl executable and the Foswiki modules | Up: Overview
First choose the best configuration method for your web server. With Apache, there are two ways to configure it: a config file included from httpd.conf, or .htaccess files. See "Choosing between a config and .htaccess file" for more information.
Protect your installation
For additional details and latest information on keeping your Foswiki site and data safe, see Foswiki:Support.SecuringYourSite.
For more information, refer to Foswiki:Support.ProtectingYourConfiguration.
You should never leave the configure script open to the public. Limit access to the bin/configure script to either localhost, an IP address or a specific user.
Note: In addition to any web server security protection that you have set up, when saving any configuration settings for the first time on the configure web page, you will be prompted to set a configuration password. This password must be entered on all subsequent configuration changes, and is also used to log in via the internal admin link (see the step "Define the administrator users"). Even after a configure password has been set, access to the configure page should still be restricted by the web server, in order to avoid revealing internal information to potential attackers.
Disable software from running in the pub directory
Turn off any kind of PHP, Perl, Python, Server Side Includes, or other software execution mechanisms supported by your web server in the pub directory. This prevents users from uploading malicious code as attachments. Different script execution mechanisms are disabled in different ways; see your web server configuration and documentation for more details.
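The two protections described above (restricting bin/configure and disabling execution in pub), sketched for Apache 2.4 as an added example; this is not Foswiki's shipped configuration. The install path /var/www/foswiki, the address 192.0.2.10, the user name SiteAdmin and the password file location are assumed placeholders.

```apache
# Added example for Apache 2.4. Paths, the IP address and the user name
# below are assumed placeholders, not values from this page.

# 1. Restrict bin/configure to localhost, one IP address, or one named user.
<Directory "/var/www/foswiki/bin">
    <FilesMatch "^configure$">
        AuthType Basic
        AuthName "Foswiki configure"
        # Assumed location of the password file.
        AuthUserFile "/var/www/foswiki/data/.htpasswd"
        # Any one of these is sufficient; clients that match neither
        # address rule are asked to authenticate as SiteAdmin.
        <RequireAny>
            Require local
            Require ip 192.0.2.10
            Require user SiteAdmin
        </RequireAny>
    </FilesMatch>
</Directory>

# 2. Serve attachments in pub as static files only.
<Directory "/var/www/foswiki/pub">
    # No CGI execution, no Server Side Includes, no .htaccess overrides.
    Options None
    AllowOverride None
    Require all granted

    # Cancel any SetHandler inherited from enclosing directory sections
    # and drop extension-based handlers for common script suffixes.
    SetHandler None
    RemoveHandler .cgi .pl .py .php .phtml .shtml

    # Serve script-like attachments as plain text.
    AddType text/plain .cgi .pl .py .php .phtml .shtml

    # Turn the PHP interpreter off where mod_php is loaded. The module
    # file name depends on the PHP version (mod_php7.c for PHP 7).
    <IfModule mod_php.c>
        php_admin_flag engine off
    </IfModule>
</Directory>
```

Run `apachectl configtest` after editing and before reloading the server. If scripts are handled another way (for example PHP-FPM through a proxy handler), disable that mechanism for pub in the place where it is configured.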