<!DOCTYPE html> <html lang="uk" dir="ltr" class="no-js"> <head> <meta charset="utf-8" /> <title>uk:security [DokuWiki]</title> <meta name="generator" content="DokuWiki"/> <meta name="theme-color" content="#008800"/> <meta name="robots" content="index,follow"/> <meta name="keywords" content="uk,security"/> <link rel="search" type="application/opensearchdescription+xml" href="/lib/exe/opensearch.php" title="DokuWiki"/> <link rel="start" href="/"/> <link rel="contents" href="/uk:security?do=index" title="Зміст"/> <link rel="manifest" href="/lib/exe/manifest.php" crossorigin="use-credentials"/> <link rel="alternate" type="application/rss+xml" title="Останні зміни" href="/feed.php"/> <link rel="alternate" type="application/rss+xml" title="Поточний діапазон імен" href="/feed.php?mode=list&amp;ns=uk"/> <link rel="edit" title="Редагувати цю сторінку" href="/uk:security?do=edit"/> <link rel="alternate" type="text/html" title="Простий HTML" href="/_export/xhtml/uk:security"/> <link rel="alternate" type="text/plain" title="Wiki розмітка" href="/_export/raw/uk:security"/> <link rel="canonical" href="https://www.dokuwiki.org/uk:security"/> <link rel="stylesheet" href="/lib/exe/css.php?t=dokuwiki&amp;tseed=7ae64dbeb6443493d1676fcfa66176f2"/> <link rel="alternate" hreflang="en" href="https://www.dokuwiki.org/security"/> <link rel="alternate" hreflang="de" href="https://www.dokuwiki.org/de:security"/> <link rel="alternate" hreflang="es" href="https://www.dokuwiki.org/es:security"/> <link rel="alternate" hreflang="fr" href="https://www.dokuwiki.org/fr:security"/> <link rel="alternate" hreflang="it" href="https://www.dokuwiki.org/it:security"/> <link rel="alternate" hreflang="ja" href="https://www.dokuwiki.org/ja:security"/> <link rel="alternate" hreflang="ko" href="https://www.dokuwiki.org/ko:security"/> <link rel="alternate" hreflang="pl" href="https://www.dokuwiki.org/pl:security"/> <link rel="alternate" hreflang="ru" href="https://www.dokuwiki.org/ru:security"/> <link 
rel="alternate" hreflang="zh" href="https://www.dokuwiki.org/zh:security"/> <link rel="alternate" hreflang="x-default" href="https://www.dokuwiki.org/security"/> <script >var NS='uk';var JSINFO = {"plugins":{"edittable":{"default columnwidth":""}},"id":"uk:security","namespace":"uk","ACT":"show","useHeadingNavigation":0,"useHeadingContent":0};(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js" defer="defer"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.14.1/jquery-ui.min.js" defer="defer"></script> <script src="/lib/exe/js.php?t=dokuwiki&amp;tseed=7ae64dbeb6443493d1676fcfa66176f2&amp;lang=uk" defer="defer"></script> <meta name="viewport" content="width=device-width,initial-scale=1" /> <link rel="shortcut icon" href="/lib/tpl/dokuwiki/images/favicon.ico" /> <link rel="apple-touch-icon" href="/lib/tpl/dokuwiki/images/apple-touch-icon.png" /> <meta name="verify-v1" content="OVxl3gsCv2MhZqh1cBQyl0JytWXSwXMjyvwc+4w3WtA=" /> <meta name="google-site-verification" content="YhTVK69hW94ZXUtc2zSLPxTkZKbZIn0zK67mz5WQB-E" /> <!-- Global site tag (gtag.js) - Google Analytics --> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-83791-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-83791-1', { 'anonymize_ip': true }); </script> </head> <body> <div id="dokuwiki__site"><div id="dokuwiki__top" class="site dokuwiki mode_show tpl_dokuwiki showSidebar hasSidebar"> <!-- ********** HEADER ********** --> <header id="dokuwiki__header"><div class="pad group"> <div class="headings group"> <ul class="a11y skip"> <li><a href="#dokuwiki__content">Перейти до змісту</a></li> </ul> <h1 class="logo"><a href="/start" accesskey="h" title="Головна [h]"><img src="/lib/tpl/dokuwiki/images/logo.png" width="64" height="64" alt="" 
/><span>DokuWiki</span></a></h1> <p class="claim">It's better when it's simple</p> </div> <div class="tools group"> <!-- USER TOOLS --> <div id="dokuwiki__usertools"> <h3 class="a11y">Користувальницькі налаштування</h3> <ul> <li class="action login"><a href="/uk:security?do=login&amp;sectok=" title="Увійти" rel="nofollow"><span>Увійти</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M10 17.25V14H3v-4h7V6.75L15.25 12 10 17.25M8 2h9a2 2 0 0 1 2 2v16a2 2 0 0 1-2 2H8a2 2 0 0 1-2-2v-4h2v4h9V4H8v4H6V4a2 2 0 0 1 2-2z"/></svg></a></li> </ul> </div> <!-- SITE TOOLS --> <div id="dokuwiki__sitetools"> <h3 class="a11y">Налаштування сайту</h3> <form action="/start" method="get" role="search" class="search doku_form" id="dw__search" accept-charset="utf-8"><input type="hidden" name="do" value="search" /><input type="hidden" name="id" value="uk:security" /><div class="no"><input name="q" type="text" class="edit" title="[F]" accesskey="f" placeholder="Пошук" autocomplete="on" id="qsearch__in" value="" /><button value="1" type="submit" title="Пошук">Пошук</button><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form> <div class="mobileTools"> <form action="/doku.php" method="get" accept-charset="utf-8"><div class="no"><input type="hidden" name="id" value="uk:security" /><select name="do" class="edit quickselect" title="Налаштування"><option value="">Налаштування</option><optgroup label="Налаштування сторінки"><option value="edit">Редагувати цю сторінку</option><option value="revisions">Старі ревізії</option><option value="backlink">Посилання сюди</option></optgroup><optgroup label="Налаштування сайту"><option value="recent">Останні зміни</option><option value="media">Керування медіа-файлами</option><option value="index">Зміст</option></optgroup><optgroup label="Користувальницькі налаштування"><option value="login">Увійти</option></optgroup></select><button type="submit">&gt;</button></div></form> </div> <ul> <li 
class="action recent"><a href="/uk:security?do=recent" title="Останні зміни [r]" rel="nofollow" accesskey="r">Останні зміни</a></li><li class="action media"><a href="/uk:security?do=media&amp;ns=uk" title="Керування медіа-файлами" rel="nofollow">Керування медіа-файлами</a></li><li class="action index"><a href="/uk:security?do=index" title="Зміст [x]" rel="nofollow" accesskey="x">Зміст</a></li> </ul> </div> </div> <!-- BREADCRUMBS --> <div class="breadcrumbs"> <div class="trace"><span class="bchead">Відвідано:</span> <span class="bcsep">•</span> <span class="curid"><bdi><a href="/uk:security" class="breadcrumbs" title="uk:security">security</a></bdi></span></div> </div> <hr class="a11y" /> </div></header><!-- /header --> <div class="wrapper group"> <!-- ********** ASIDE ********** --> <nav id="dokuwiki__aside" aria-label="Сайдбар"><div class="pad aside include group"> <h3 class="toggle">Сайдбар</h3> <div class="content"><div class="group"> <div class="notify">Цей переклад старіший ніж <a href="/security" class="wikilink1">оригінальна сторінка</a> і може бути не актуальним. 
Дивіться що <a href="/security?do=diff&amp;rev=1707812246" class="wikilink1">було змінено</a>.</div><div class="plugin_translation is-dropdown"><span class="title">Переклад цієї сторінки<sup><a href="/localization" class="wikilink1" title="localization" data-wiki-id="localization">?</a></sup>: </span><ul><li class="a"><a class="wikilink1" title="English" href="/security">English (en)</a></li><li class="a"><a class="wikilink2" title="|العربية" href="/ar:security">|العربية (ar)</a></li><li class="a"><a class="wikilink2" title="Català" href="/ca:security">Català (ca)</a></li><li class="a"><a class="wikilink2" title="Česky" href="/cs:security">Česky (cs)</a></li><li class="a"><a class="wikilink2" title="Dansk" href="/da:security">Dansk (da)</a></li><li class="a"><a class="wikilink1" title="Deutsch" href="/de:security">Deutsch (de)</a></li><li class="a"><a class="wikilink2" title="Ελληνικά" href="/el:security">Ελληνικά (el)</a></li><li class="a"><a class="wikilink2" title="Esperanto" href="/eo:security">Esperanto (eo)</a></li><li class="a"><a class="wikilink1" title="Español" href="/es:security">Español (es)</a></li><li class="a"><a class="wikilink2" title="فارسی" href="/fa:security">فارسی (fa)</a></li><li class="a"><a class="wikilink1" title="Français" href="/fr:security">Français (fr)</a></li><li class="a"><a class="wikilink2" title="עברית" href="/he:security">עברית (he)</a></li><li class="a"><a class="wikilink2" title="Magyar" href="/hu:security">Magyar (hu)</a></li><li class="a"><a class="wikilink1" title="Italiano" href="/it:security">Italiano (it)</a></li><li class="a"><a class="wikilink1" title="日本語" href="/ja:security">日本語 (ja)</a></li><li class="a"><a class="wikilink1" title="한국어" href="/ko:security">한국어 (ko)</a></li><li class="a"><a class="wikilink2" title="Lietuvių Kalba" href="/lt:security">Lietuvių Kalba (lt)</a></li><li class="a"><a class="wikilink2" title="Nederlands" href="/nl:security">Nederlands (nl)</a></li><li class="a"><a class="wikilink2" 
title="Norsk" href="/no:security">Norsk (no)</a></li><li class="a"><a class="wikilink1" title="Polski" href="/pl:security">Polski (pl)</a></li><li class="a"><a class="wikilink2" title="Português" href="/pt-br:security">Português (pt-br)</a></li><li class="a"><a class="wikilink2" title="Română" href="/ro:security">Română (ro)</a></li><li class="a"><a class="wikilink1" title="Русский" href="/ru:security">Русский (ru)</a></li><li class="a"><a class="wikilink2" title="Српски Језик" href="/sr:security">Српски Језик (sr)</a></li><li class="a"><a class="wikilink2" title="Svenska" href="/sv:security">Svenska (sv)</a></li><li class="a"><a class="wikilink2" title="ไทย" href="/th:security">ไทย (th)</a></li><li class="span"><span class="wikilink1" title="Українська">Українська (uk)</span></li><li class="a"><a class="wikilink1" title="中文" href="/zh:security">中文 (zh)</a></li><li class="a"><a class="wikilink2" title="繁體中文" href="/zh-tw:security">繁體中文 (zh-tw)</a></li></ul></div> <p> <strong>Дізнайтеся більше про «Докувікі»</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/features" class="wikilink1" title="features" data-wiki-id="features">Features</a> &amp; <a href="/blogroll" class="wikilink1" title="blogroll" data-wiki-id="blogroll">reviews</a> </div> </li> <li class="level1"><div class="li"> <a href="/install" class="wikilink1" title="install" data-wiki-id="install">Installation guide</a></div> </li> <li class="level1"><div class="li"> <a href="/manual" class="wikilink1" title="manual" data-wiki-id="manual">User manual</a> &amp; <a href="/wiki:syntax" class="wikilink1" title="wiki:syntax" data-wiki-id="wiki:syntax">syntax</a></div> </li> <li class="level1"><div class="li"> <a href="/changes" class="wikilink1" title="changes" data-wiki-id="changes">Release notes</a></div> </li> <li class="level1"><div class="li"> <a href="/faq" class="wikilink1" title="faq" data-wiki-id="faq">FAQ</a></div> </li> </ul> <p> <strong>Розширене користування</strong> </p> <ul> <li 
class="level1"><div class="li"> <a href="/extensions" class="wikilink1" title="extensions" data-wiki-id="extensions">Extensions</a></div> </li> <li class="level1"><div class="li"> <a href="/development" class="wikilink1" title="development" data-wiki-id="development">Development manual</a></div> </li> </ul> <p> <strong>Корпоративне використання</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/faq:support" class="wikilink1" title="faq:support" data-wiki-id="faq:support">Get support</a></div> </li> <li class="level1"><div class="li"> <a href="/donate" class="wikilink1" title="donate" data-wiki-id="donate">Donations</a></div> </li> </ul> <p> <strong>Наша Громада</strong> </p> <ul> <li class="level1"><div class="li"> <a href="/teams:getting_involved" class="wikilink1" title="teams:getting_involved" data-wiki-id="teams:getting_involved">Get involved</a></div> </li> <li class="level1"><div class="li"> <a href="https://forum.dokuwiki.org/" class="urlextern" title="https://forum.dokuwiki.org/">User forum</a></div> </li> <li class="level1"><div class="li"> <a href="/newsletter" class="wikilink1" title="newsletter" data-wiki-id="newsletter">Newsletter</a></div> </li> <li class="level1"><div class="li"> <a href="/mailinglist" class="wikilink1" title="mailinglist" data-wiki-id="mailinglist">Development mailinglist</a></div> </li> </ul> <hr /> <p> Слідкуй за нами на <a href="https://www.facebook.com/pages/DokuWiki/52877633616" class="urlextern" title="https://www.facebook.com/pages/DokuWiki/52877633616">Facebook</a>, <a href="https://twitter.com/dokuwiki" class="urlextern" title="https://twitter.com/dokuwiki">Twitter</a> and other <a href="/social" class="wikilink1" title="social" data-wiki-id="social">social networks</a>. 
</p> </div></div> </div></nav><!-- /aside --> <!-- ********** CONTENT ********** --> <main id="dokuwiki__content"><div class="pad group"> <div class="pageId"><span>uk:security</span></div> <div class="page group"> <!-- wikipage start --> <!-- TOC START --> <div id="dw__toc" class="dw__toc"> <h3 class="toggle">Зміст</h3> <div> <ul class="toc"> <li class="level1"><div class="li"><a href="#безпека">Безпека</a></div> <ul class="toc"> <li class="level2"><div class="li"><a href="#звітування_та_сповіщення">Звітування та сповіщення</a></div></li> <li class="level2"><div class="li"><a href="#безпека_доступу_через_веб-інтерфейс">Безпека доступу через веб-інтерфейс</a></div> <ul class="toc"> <li class="level3"><div class="li"><a href="#deny_directory_access_in_apache">Deny Directory Access in Apache</a></div></li> <li class="level3"><div class="li"><a href="#deny_directory_access_in_iis">Deny Directory Access in IIS</a></div></li> <li class="level3"><div class="li"><a href="#deny_directory_access_in_lighttpd">Deny Directory Access in Lighttpd</a></div></li> <li class="level3"><div class="li"><a href="#deny_directory_access_in_nginx">Deny Directory Access in Nginx</a></div></li> <li class="level3"><div class="li"><a href="#deny_directory_access_in_cherokee">Deny Directory Access in Cherokee</a></div></li> <li class="level3"><div class="li"><a href="#deny_directory_access_in_caddy">Deny Directory Access in Caddy</a></div></li> <li class="level3"><div class="li"><a href="#move_directories_out_of_docroot">Move Directories out of DocRoot</a></div></li> </ul> </li> <li class="level2"><div class="li"><a href="#dokuwiki_configuration_settings">DokuWiki Configuration Settings</a></div></li> <li class="level2"><div class="li"><a href="#plugin_security">Plugin Security</a></div></li> <li class="level2"><div class="li"><a href="#access_control">Access Control</a></div></li> <li class="level2"><div class="li"><a href="#additional_reading">Additional Reading</a></div></li> </ul></li> </ul> 
</div> </div> <!-- TOC END --> <h1 class="sectionedit1" id="безпека">Безпека</h1> <div class="level1"> <p> DokuWiki - це веб-застосунок, який часто використовується на публічних серверах, доступних з Інтернету. Це означає, що він перебуває у більшому ризику бути атакованим зловмисними особами, ніж, наприклад, локальний застосунок на вашому робочому столі. </p> <p> DokuWiki розроблено з урахуванням безпеки. Ми намагаємося знайти баланс між зручністю для користувачів та безпекою, але віддаємо перевагу безпеці, коли неможливо знайти задовільний компроміс. </p> <p> Ця сторінка повинна надати вам огляд того, на що варто звернути увагу, щоб забезпечити безпеку вашої DokuWiki. </p> </div> <div class="secedit editbutton_section editbutton_1"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Безпека] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="безпека" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="1-1024" /><button type="submit" title="Безпека">Редагувати</button></div></form></div> <h2 class="sectionedit2" id="звітування_та_сповіщення">Звітування та сповіщення</h2> <div class="level2"> <p> Коли ви виявляєте проблему безпеки в DokuWiki, будь ласка, повідомте нас. 
Найбажаніші способи цього зробити: </p> <ul> <li class="level1"><div class="li"> Повідомлення через <a href="https://www.huntr.dev/repos/splitbrain/dokuwiki" class="urlextern" title="https://www.huntr.dev/repos/splitbrain/dokuwiki">huntr.dev</a></div> </li> <li class="level1"><div class="li"> Подання <a href="/bugs" class="wikilink1" title="bugs" data-wiki-id="bugs">звіту про помилку</a></div> </li> <li class="level1"><div class="li"> Відправка листа на <a href="/mailinglist" class="wikilink1" title="mailinglist" data-wiki-id="mailinglist">mailinglist</a></div> </li> <li class="level1"><div class="li"> Відправлення приватного листа на <a href="mailto:andi%20%5Bat%5D%20splitbrain%20%5Bdot%5D%20org" class="mail" title="andi [at] splitbrain [dot] org">andi [at] splitbrain [dot] org</a></div> </li> <li class="level1"><div class="li"> Перші два способи повинні бути віддані перевагу, за винятком дуже серйозних помилок, де оприлюднення помилки перед виходом патча може піддати ризику встановлення DokuWiki по всьому світу.</div> </li> </ul> <p> Попередні проблеми безпеки можна побачити в <a href="https://github.com/dokuwiki/dokuwiki/issues?q=label%3ASecurity+" class="urlextern" title="https://github.com/dokuwiki/dokuwiki/issues?q=label%3ASecurity+">системі відстеження помилок</a>. </p> <p> Залежно від серйозності виявленої проблеми безпеки, вона буде виправлена у майбутньому випуску (у випадку дуже незначних проблем) або буде створено виправлення. У останньому випадку користувачі будуть проінформовані через механізм <a href="/update_check" class="wikilink1" title="update_check" data-wiki-id="update_check">update check</a>. </p> <p> Ви повинні <strong>завжди</strong> використовувати найновіший випуск DokuWiki, оскільки для старших версій не видаються виправлення безпеки. 
</p> </div> <div class="secedit editbutton_section editbutton_2"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Звітування та сповіщення] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="звітування_та_сповіщення" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="1025-2812" /><button type="submit" title="Звітування та сповіщення">Редагувати</button></div></form></div> <h2 class="sectionedit3" id="безпека_доступу_через_веб-інтерфейс">Безпека доступу через веб-інтерфейс</h2> <div class="level2"> <p> DokuWiki зберігає конфігураційні дані та дані сторінок у файлах. Ці файли ніколи не повинні бути доступні напряму з Інтернету. Дистрибутивний архів містить набір файлів <code>.htaccess</code>, які зазвичай вказують веб-серверу Apache відмовляти в доступі до певних каталогів. </p> <p> <strong>Якщо ви не використовуєте веб-сервер Apache або ваш Apache не використовує файлів <code>.htaccess</code>, вам потрібно вручну захистити свій веб-сайт.</strong> </p> <p> Наступні каталоги не повинні бути доступні з Інтернету: </p> <ul> <li class="level1"><div class="li"> <code>data</code></div> </li> <li class="level1"><div class="li"> <code>conf</code></div> </li> <li class="level1"><div class="li"> <code>bin</code></div> </li> <li class="level1"><div class="li"> <code>inc</code> (хоча доступ до нього не є небезпечним)</div> </li> <li class="level1"><div class="li"> <code>vendor</code> (розкриває інформацію про ваше середовище)</div> </li> </ul> <p> Щоб перевірити, чи потрібно налаштувати права доступу, спробуйте отримати доступ до <code>http://yourserver.com/data/pages/wiki/dokuwiki.txt</code>. Ви не повинні мати доступ до цього файлу таким чином. 
<a href="/admin_window" class="wikilink1" title="admin_window" data-wiki-id="admin_window">Адміністративний інтерфейс</a> також перевірить це за вас і відображатиме попередження, якщо щось не так. </p> <p> Зверніть увагу, що це не має нічого спільного з <a href="/install:permissions" class="wikilink1" title="install:permissions" data-wiki-id="install:permissions">правами доступу до файлів</a>. Веб-доступ - це налаштування, специфічне для вашого веб-сервера. </p> <p> Якщо ваші каталоги не захищені належним чином, прочитайте наступні підрозділи про те, як це зробити. </p> </div> <div class="secedit editbutton_section editbutton_3"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Безпека доступу через веб-інтерфейс] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="безпека_доступу_через_веб-інтерфейс" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="2813-4903" /><button type="submit" title="Безпека доступу через веб-інтерфейс">Редагувати</button></div></form></div> <h3 class="sectionedit4" id="deny_directory_access_in_apache">Deny Directory Access in Apache</h3> <div class="level3"> <p> The simplest way is to enable <code>.htaccess</code> support in your Apache configuration. Please see the <a href="http://httpd.apache.org/docs/2.2/howto/htaccess.html" class="urlextern" title="http://httpd.apache.org/docs/2.2/howto/htaccess.html">Apache .htaccess Tutorial</a>. </p> <p> DokuWiki already comes with correctly configured <code>.htaccess</code> files. 
The contents of a <code>.htaccess</code> file to block all access to the directory it is in should be as follows (valid for both Apache 2.2 and 2.4): </p> <pre class="code">&lt;IfModule !mod_authz_core.c&gt;
Order deny,allow
Deny from all
&lt;/IfModule&gt;
&lt;IfModule mod_authz_core.c&gt;
Require all denied
&lt;/IfModule&gt;</pre> <p> Please note that many distributions have .htaccess support disabled by default. To enable it you need to set the <a href="https://httpd.apache.org/docs/current/mod/core.html#allowoverride" class="urlextern" title="https://httpd.apache.org/docs/current/mod/core.html#allowoverride">AllowOverride</a> directive from <code>None</code> to <code>All</code> for the directory your wiki is installed in. </p> <p> Check this <a href="https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles" class="urlextern" title="https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles">detailed tutorial for Ubuntu</a>. Configuration for Apache on other distributions is very similar. </p> <p> Alternatively you can use the <a href="https://httpd.apache.org/docs/current/mod/core.html#locationmatch" class="urlextern" title="https://httpd.apache.org/docs/current/mod/core.html#locationmatch">LocationMatch</a> directive to prevent access to the mentioned directories without enabling .htaccess support. This has better performance, but you may need to update the directive in the future when new directories are added in DokuWiki. 
An example may look like this: </p> <pre class="code">&lt;LocationMatch &quot;/(data|conf|bin|inc|vendor)/&quot;&gt;
Order allow,deny
Deny from all
Satisfy All
&lt;/LocationMatch&gt;</pre> <p> The <code>Order</code>/<code>Deny</code>/<code>Satisfy</code> lines are the Apache 2.2 form; on Apache 2.4 (mod_authz_core) use <code>Require all denied</code> inside the <code>LocationMatch</code> block instead, as in the <code>.htaccess</code> example above. </p> </div> <div class="secedit editbutton_section editbutton_4"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Deny Directory Access in Apache] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="deny_directory_access_in_apache" /><input type="hidden" name="codeblockOffset" value="0" /><input type="hidden" name="range" value="4904-6453" /><button type="submit" title="Deny Directory Access in Apache">Редагувати</button></div></form></div> <h3 class="sectionedit5" id="deny_directory_access_in_iis">Deny Directory Access in IIS</h3> <div class="level3"> <p> Access to the mentioned directories can be disabled in IIS&#039; configuration settings. 
</p> </div> <h4 id="in_iis_8">In IIS 8+</h4> <div class="level4"> <p> (Windows 8(.1) and Servers 2012 and 2012R2): </p> <ol> <li class="level1"><div class="li"> select “IIS Request Filtering”</div> </li> <li class="level1"><div class="li"> go to the “<abbr title="Uniform Resource Locator">URL</abbr>” tab</div> </li> <li class="level1"><div class="li"> click on “Deny Sequence…”</div> </li> <li class="level1"><div class="li"> enter “/data/” in the popup box and click “OK”</div> </li> <li class="level1"><div class="li"> Repeat the “Deny Sequence…” instruction for the /conf/ /bin/ /inc/ and /vendor/ directories</div> </li> </ol> </div> <h4 id="in_iis_7">In IIS 7</h4> <div class="level4"> <ol> <li class="level1"><div class="li"> select “IIS Request Filtering”</div> </li> <li class="level1"><div class="li"> go to the “<abbr title="Uniform Resource Locator">URL</abbr>” tab</div> </li> <li class="level1"><div class="li"> click on “Deny Sequence”</div> </li> <li class="level1"><div class="li"> enter “/data/” in the popup box</div> </li> </ol> <p> Note: By default, the Management Console snap-in for Internet Information Services 7 does not have UI access to the “IIS Request Filtering” section. However, it can be enabled by installing “IIS Administration pack 1.0” using the <a href="http://www.microsoft.com/web/downloads/platform.aspx" class="urlextern" title="http://www.microsoft.com/web/downloads/platform.aspx">Web Platform Installer</a>. </p> <p> Also note: Ensure you enter “/data/” and NOT just “/data”, otherwise pages that start with “data” will be inaccessible. 
</p> </div> <h4 id="alternatives_for_iis_7">Alternatives for IIS 7+</h4> <div class="level4"> <p> If you can&#039;t access IIS configuration options (as in shared hosting sites), you can use one of the following methods </p> <p> <em>Alternative 1:</em> </p> <p> You can place the following file in your dokuwiki root: </p> <dl class="file"> <dt><a href="/_export/code/uk:security?codeblock=2" title="Завантажити фрагмент" class="mediafile mf_config">web.config</a></dt> <dd><pre class="code file xml"><span class="sc3"><span class="re1">&lt;?xml</span> <span class="re0">version</span>=<span class="st0">&quot;1.0&quot;</span> <span class="re0">encoding</span>=<span class="st0">&quot;UTF-8&quot;</span><span class="re2">?&gt;</span></span> <span class="sc3"><span class="re1">&lt;configuration<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;system.webServer<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;security<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;requestFiltering<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;filteringRules<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;/filteringRules<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;denyUrlSequences<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;add</span> <span class="re0">sequence</span>=<span class="st0">&quot;/data/&quot;</span> <span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;add</span> <span class="re0">sequence</span>=<span class="st0">&quot;/conf/&quot;</span> <span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;add</span> <span class="re0">sequence</span>=<span class="st0">&quot;/bin/&quot;</span> <span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;add</span> <span 
class="re0">sequence</span>=<span class="st0">&quot;/inc/&quot;</span> <span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;add</span> <span class="re0">sequence</span>=<span class="st0">&quot;/vendor/&quot;</span> <span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;/denyUrlSequences<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;/requestFiltering<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;/security<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;/system.webServer<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;/configuration<span class="re2">&gt;</span></span></span></pre> </dd></dl> <p> <em>Alternative 2:</em> </p> <p> You can put the following web.config file in the directories you have to protect. </p> <ul> <li class="level1"><div class="li"> <code>data</code></div> </li> <li class="level1"><div class="li"> <code>conf</code></div> </li> <li class="level1"><div class="li"> <code>bin</code></div> </li> <li class="level1"><div class="li"> <code>inc</code> (isn&#039;t dangerous when accessible, though)</div> </li> <li class="level1"><div class="li"> <code>vendor</code></div> </li> </ul> <dl class="file"> <dt><a href="/_export/code/uk:security?codeblock=3" title="Завантажити фрагмент" class="mediafile mf_config">web.config</a></dt> <dd><pre class="code file xml"><span class="sc3"><span class="re1">&lt;?xml</span> <span class="re0">version</span>=<span class="st0">&quot;1.0&quot;</span> <span class="re0">encoding</span>=<span class="st0">&quot;UTF-8&quot;</span><span class="re2">?&gt;</span></span> <span class="sc3"><span class="re1">&lt;configuration<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;system.webServer<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;handlers</span> <span 
class="re0">accessPolicy</span>=<span class="st0">&quot;None&quot;</span> <span class="re2">/&gt;</span></span> <span class="sc3"><span class="re1">&lt;/system.webServer<span class="re2">&gt;</span></span></span> <span class="sc3"><span class="re1">&lt;/configuration<span class="re2">&gt;</span></span></span></pre> </dd></dl> </div> <h4 id="iis_65_and_below">IIS 6.5 and below</h4> <div class="level4"> <ol> <li class="level1"><div class="li"> Open the configuration tool: Start → Settings → Control Panel → Administrative Tools → Internet Information Services</div> </li> <li class="level1"><div class="li"> Navigate to the directory you want to protect: Local Computer → Web Sites → Default Web Site → <em>path to directory</em></div> </li> <li class="level1"><div class="li"> Right-click the folder and choose Properties → Directory Security → IP address and domain name restrictions → Edit…</div> </li> <li class="level1"><div class="li"> Choose “By default, all computers will be: Denied access”</div> </li> <li class="level1"><div class="li"> Repeat this for the /data/ /conf/ /bin/ /inc/ and /vendor/ directories</div> </li> </ol> </div> <div class="secedit editbutton_section editbutton_5"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Deny Directory Access in IIS] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="deny_directory_access_in_iis" /><input type="hidden" name="codeblockOffset" value="2" /><input type="hidden" name="range" value="6454-9247" /><button type="submit" title="Deny Directory Access in IIS">Редагувати</button></div></form></div> <h3 class="sectionedit6" id="deny_directory_access_in_lighttpd">Deny Directory Access in Lighttpd</h3> <div class="level3"> <p> Using a <a 
href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModRewrite" class="urlextern" title="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModRewrite">URL re-write</a> you can deny access to the above directories. Adding the following <abbr title="Uniform Resource Locator">URL</abbr> rewrite rule to your /etc/lighttpd/lighttpd.conf file should be sufficient to keep people out. It assumes your Dokuwiki files are installed under <a href="http://yourwebsite.tld/dokuwiki/" class="urlextern" title="http://yourwebsite.tld/dokuwiki/">http://yourwebsite.tld/dokuwiki/</a>. </p> <pre class="code">url.rewrite-once = ( &quot;^/dokuwiki/(data|conf|bin|inc|vendor)/+.&quot; =&gt; &quot;/nonexistentfolder&quot; )</pre> <p> Don&#039;t forget to uncomment or add “mod_rewrite” in the server.modules section of /etc/lighttpd/lighttpd.conf. It should look like this: </p> <pre class="code">server.modules += ( &quot;mod_compress&quot;, &quot;mod_dirlisting&quot;, &quot;mod_staticfile&quot;, &quot;mod_rewrite&quot;, )</pre> <p> Unfortunately it does not keep people out who are using Vivaldi and probably other Chromium based browsers. When combined with “<a href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess" class="urlextern" title="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess">mod_access</a>” it does keep people out. More mod_access examples are available <a href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess" class="urlextern" title="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess">here</a>.<br/> In /etc/lighttpd/lighttpd.conf “mod_access” should be in the “server.modules = (” section. 
Also add </p> <pre class="code">$HTTP[&quot;url&quot;] =~ &quot;^/dokuwiki/(data|conf|bin|inc|vendor)/+.&quot; { url.access-deny = (&quot;&quot;) }</pre> <p> to /etc/lighttpd/lighttpd.conf.<br/> <br/> Restart lighttpd with systemctl reload-or-restart lighttpd and check the status with systemctl status lighttpd </p> </div> <div class="secedit editbutton_section editbutton_6"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Deny Directory Access in Lighttpd] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="deny_directory_access_in_lighttpd" /><input type="hidden" name="codeblockOffset" value="4" /><input type="hidden" name="range" value="9248-10685" /><button type="submit" title="Deny Directory Access in Lighttpd">Редагувати</button></div></form></div> <h3 class="sectionedit7" id="deny_directory_access_in_nginx">Deny Directory Access in Nginx</h3> <div class="level3"> <p> Access to the aforementioned directories can be disabled in the DokuWiki server section of the Nginx configuration file. In your host configuration file (for example, /etc/nginx/sites-available/default) or nginx.conf file, add the following location block to prevent access to these sensitive directories. </p> <p> <img src="/lib/images/smileys/exclaim.svg" class="icon smiley" alt=":!:" /> Make sure that the rule is processed before other rules that control access to certain files.<sup><a href="#fn__1" id="fnt__1" class="fn_top">1)</a></sup> </p> <pre class="code"> location ~ /(data|conf|bin|inc|vendor)/ { deny all; }</pre> <p> Note: if you are using <a href="/config:xsendfile" class="wikilink1" title="config:xsendfile" data-wiki-id="config:xsendfile">xsendfile</a>, the above rule will break sendfile functionality. 
Consider the following: </p> <pre class="code"> location ~ /(conf|bin|inc|vendor)/ { deny all; } location ~ /data/ { internal; }</pre> </div> <div class="secedit editbutton_section editbutton_7"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Deny Directory Access in Nginx] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="deny_directory_access_in_nginx" /><input type="hidden" name="codeblockOffset" value="5" /><input type="hidden" name="range" value="10686-11686" /><button type="submit" title="Deny Directory Access in Nginx">Редагувати</button></div></form></div> <h3 class="sectionedit8" id="deny_directory_access_in_cherokee">Deny Directory Access in Cherokee</h3> <div class="level3"> <p> It is relatively easy to forbid access to those directories using Cherokee. In cherokee-admin, select the virtual server where DokuWiki is installed and select rules management. </p> <p> Then add a new “Regular Expression” rule and put the following in it (supposing that DokuWiki sits in the root directory): </p> <pre class="code"> /(data|conf|bin|inc|vendor)/</pre> <p> Remember to set it as “NON FINAL”, because otherwise some code under those directories may still be executed under certain circumstances (for example, when an “Extensions php” rule set as “NON FINAL” is present). </p> <p> Then go to the “Handler” section and select HTTP Error. Finally select “403 Forbidden” in HTTP Error. 
</p> </div> <div class="secedit editbutton_section editbutton_8"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Deny Directory Access in Cherokee] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="deny_directory_access_in_cherokee" /><input type="hidden" name="codeblockOffset" value="7" /><input type="hidden" name="range" value="11687-12379" /><button type="submit" title="Deny Directory Access in Cherokee">Редагувати</button></div></form></div> <h3 class="sectionedit9" id="deny_directory_access_in_caddy">Deny Directory Access in Caddy</h3> <div class="level3"> <p> Here is an example Caddyfile for a wiki served with <a href="https://caddyserver.com" class="urlextern" title="https://caddyserver.com">Caddy</a>: </p> <pre class="code">wiki.example.com { log /var/log/caddy/dokuwiki.log root /var/www/dokuwiki/ # Assuming install/config of php-fpm # to listen on localhost:9000 fastcgi / 127.0.0.1:9000 php # This block below sends an HTTP 401 message when # a client attempts to access the secured directories. 
status 401 { /data /conf /bin /inc /vendor } }</pre> </div> <div class="secedit editbutton_section editbutton_9"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Deny Directory Access in Caddy] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="deny_directory_access_in_caddy" /><input type="hidden" name="codeblockOffset" value="8" /><input type="hidden" name="range" value="12380-12916" /><button type="submit" title="Deny Directory Access in Caddy">Редагувати</button></div></form></div> <h3 class="sectionedit10" id="move_directories_out_of_docroot">Move Directories out of DocRoot</h3> <div class="level3"> <p> The most secure way to avoid any access to the mentioned directories is to move them outside the so-called “Document Root” of your webserver. This is usually not needed if you followed the guides above, and it requires a bit more understanding of how the webserver and DokuWiki work. Nonetheless, it is the safest way to secure your DokuWiki install regardless of the webserver used. </p> <p> <strong><em class="u">WARNING:</em></strong> If you are planning to use the <a href="/uk:installer" class="wikilink2" title="uk:installer" rel="nofollow" data-wiki-id="uk:installer">installer</a>, you need to install your wiki by executing the install.php script first before you can do this step. If the directories are moved before that, the installer will fail. 
</p> </div> <h4 id="data_directory">data Directory</h4> <div class="level4"> <ol> <li class="level1"><div class="li"> Move the <code>data</code> directory (and all its contents) out of the document root</div> </li> <li class="level1"><div class="li"> Edit the <a href="/config:savedir" class="wikilink1" title="config:savedir" data-wiki-id="config:savedir">savedir</a> setting to point to the new location of the <code>data</code> directory.</div> </li> </ol> <p> For example, if the <code>data</code> directory is moved to <code>/home/yourname/data</code>, add the following line to <code>conf/local.php</code>: </p> <pre class="code">$conf[&#039;savedir&#039;] = &#039;/home/yourname/data&#039;;</pre> </div> <h4 id="conf_directory">conf Directory</h4> <div class="level4"> <ol> <li class="level1"><div class="li"> Move the <code>conf</code> directory (and all its contents) out of the document root</div> </li> <li class="level1"><div class="li"> Create a file named <code>preload.php</code> inside the <code>inc</code> directory and set the <code>DOKU_CONF</code> define to the new location of the <code>conf</code> directory.</div> </li> </ol> <p> For example, if the <code>conf</code> directory is moved to <code>/home/yourname/conf</code>, create the following <code>inc/preload.php</code>: </p> <dl class="code"> <dt><a href="/_export/code/uk:security?codeblock=9" title="Завантажити фрагмент" class="mediafile mf_php">inc/preload.php</a></dt> <dd><pre class="code php"><span class="kw2">&lt;?php</span> <span class="co1">// DO NOT use a closing php tag. This causes a problem with the feeds,</span> <span class="co1">// among other things. 
For more information on this issue, please see:</span> <span class="co1">// http://www.dokuwiki.org/devel:coding_style#php_closing_tags</span> &nbsp; <a href="http://www.php.net/define"><span class="kw3">define</span></a><span class="br0">&#40;</span><span class="st_h">'DOKU_CONF'</span><span class="sy0">,</span><span class="st_h">'/home/yourname/conf/'</span><span class="br0">&#41;</span><span class="sy0">;</span></pre> </dd></dl> </div> <h4 id="bin_directory">bin Directory</h4> <div class="level4"> <p> The bin directory contains <a href="/uk:cli" class="wikilink2" title="uk:cli" rel="nofollow" data-wiki-id="uk:cli">CLI</a> tools. If you don&#039;t have shell access on your server anyway, you can simply delete the directory and its contents. Otherwise just move it out of the document root. No further configuration is needed. </p> </div> <h4 id="inc_directory">inc Directory</h4> <div class="level4"> <p> There is currently no easy way to move this directory out of the document root. But since it doesn&#039;t contain any sensitive data, it isn&#039;t worth the effort to try anyway. 
</p> </div> <div class="secedit editbutton_section editbutton_10"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Move Directories out of DocRoot] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="move_directories_out_of_docroot" /><input type="hidden" name="codeblockOffset" value="9" /><input type="hidden" name="range" value="12917-15069" /><button type="submit" title="Move Directories out of DocRoot">Редагувати</button></div></form></div> <h2 class="sectionedit11" id="dokuwiki_configuration_settings">DokuWiki Configuration Settings</h2> <div class="level2"> <p> DokuWiki contains several configuration settings that have an impact on various security aspects of the installation. Please refer to the documentation of each setting to learn what they do and what suggested settings are. 
</p> <ul> <li class="level1"><div class="li"> <a href="/config:allowdebug" class="wikilink1" title="config:allowdebug" data-wiki-id="config:allowdebug">allowdebug</a> – disabling debugging output to avoid system information leakage <img src="/lib/images/smileys/exclaim.svg" class="icon smiley" alt=":!:" /></div> </li> <li class="level1"><div class="li"> <a href="/config:fmode" class="wikilink1" title="config:fmode" data-wiki-id="config:fmode">fmode</a>, <a href="/config:dmode" class="wikilink1" title="config:dmode" data-wiki-id="config:dmode">dmode</a> – set the file permissions of DokuWiki created files, also read info on setting up <a href="/uk:permissions" class="wikilink2" title="uk:permissions" rel="nofollow" data-wiki-id="uk:permissions">permissions</a></div> </li> <li class="level1"><div class="li"> <a href="/config:fetchsize" class="wikilink1" title="config:fetchsize" data-wiki-id="config:fetchsize">fetchsize</a> – configure caching of external data</div> </li> <li class="level1"><div class="li"> <a href="/config:fullpath" class="wikilink1" title="config:fullpath" data-wiki-id="config:fullpath">fullpath</a> – showing full path names for pages</div> </li> <li class="level1"><div class="li"> all <a href="/uk:auth" class="wikilink1" title="uk:auth" data-wiki-id="uk:auth">authentication settings</a></div> </li> <li class="level1"><div class="li"> <a href="/config:usewordblock" class="wikilink1" title="config:usewordblock" data-wiki-id="config:usewordblock">usewordblock</a> – prevent spam through a blocklist</div> </li> <li class="level1"><div class="li"> <a href="/config:mailguard" class="wikilink1" title="config:mailguard" data-wiki-id="config:mailguard">mailguard</a> – avoid mail address harvesting robots</div> </li> <li class="level1"><div class="li"> <a href="/config:iexssprotect" class="wikilink1" title="config:iexssprotect" data-wiki-id="config:iexssprotect">iexssprotect</a> – protect against a XSS problem within Internet Explorer</div> </li> <li 
class="level1"><div class="li"> <a href="/config:htmlok" class="wikilink1" title="config:htmlok" data-wiki-id="config:htmlok">htmlok</a> – enable <abbr title="HyperText Markup Language">HTML</abbr></div> </li> <li class="level1"><div class="li"> <a href="/config:phpok" class="wikilink1" title="config:phpok" data-wiki-id="config:phpok">phpok</a> – enable PHP</div> </li> <li class="level1"><div class="li"> <a href="/config:hidepages" class="wikilink1" title="config:hidepages" data-wiki-id="config:hidepages">hidepages</a> – hide certain pages from indexes and search</div> </li> <li class="level1"><div class="li"> <a href="/config:safemodehack" class="wikilink1" title="config:safemodehack" data-wiki-id="config:safemodehack">safemodehack</a> – work around safe mode restrictions</div> </li> <li class="level1"><div class="li"> <a href="/config:disableactions" class="wikilink1" title="config:disableactions" data-wiki-id="config:disableactions">disableactions</a> – disable certain actions, e.g. registration or view source</div> </li> <li class="level1"><div class="li"> <a href="/config:baseurl" class="wikilink1" title="config:baseurl" data-wiki-id="config:baseurl">baseurl</a> – set a fixed server name the wiki should use to avoid server name spoofing attacks</div> </li> </ul> </div> <div class="secedit editbutton_section editbutton_11"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[DokuWiki Configuration Settings] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="dokuwiki_configuration_settings" /><input type="hidden" name="codeblockOffset" value="10" /><input type="hidden" name="range" value="15070-16362" /><button type="submit" title="DokuWiki Configuration Settings">Редагувати</button></div></form></div> <h2 class="sectionedit12" 
id="plugin_security">Plugin Security</h2> <div class="level2"> <p> DokuWiki has <a href="/uk:plugins" class="wikilink1" title="uk:plugins" data-wiki-id="uk:plugins">lots of community contributed plugins</a>. Plugins add new functionality to DokuWiki by adding new code. This means the code has practically unrestricted access to your server. Additionally, plugins are distributed separately from DokuWiki in an entirely ad-hoc manner. They are not subject to the same degree of attention and review that the core DokuWiki code base gets. So security precautions are necessary before installing a plugin. </p> <p> Here are some tips to help you with choosing the plugins you install. </p> <ul> <li class="level1"><div class="li"> If you can, review the plugin source code yourself, <em>before</em> installing it.</div> </li> <li class="level1"><div class="li"> If in doubt, ask on the <a href="/uk:mailinglist" class="wikilink2" title="uk:mailinglist" rel="nofollow" data-wiki-id="uk:mailinglist">mailing list</a>.</div> </li> <li class="level1"><div class="li"> Plugins are installed under the DokuWiki <code>lib</code> directory, which is directly accessible from the outside. Review what a plugin contains and whether direct access to it is appropriate; plugins shouldn&#039;t store sensitive info in their own directory.</div> </li> <li class="level1"><div class="li"> Plugins are authored by developers not directly related to the DokuWiki project – they may be inexperienced, have malicious intent, or may host the plugin source code on a server that has been compromised. Be careful whom you trust!</div> </li> <li class="level1"><div class="li"> Review the plugin page for any mentioned security warnings and upgrade the plugin when new releases become available.</div> </li> <li class="level1"><div class="li"> If in doubt, have plugins reviewed by a professional first. 
See <a href="/faq:support" class="wikilink1" title="faq:support" data-wiki-id="faq:support">support</a>.</div> </li> </ul> <p> See also: <a href="/devel:security#reporting_security_issues" class="wikilink1" title="devel:security" data-wiki-id="devel:security">How to report security issues in plugins</a> </p> </div> <div class="secedit editbutton_section editbutton_12"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Plugin Security] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="plugin_security" /><input type="hidden" name="codeblockOffset" value="10" /><input type="hidden" name="range" value="16363-17826" /><button type="submit" title="Plugin Security">Редагувати</button></div></form></div> <h2 class="sectionedit13" id="access_control">Access Control</h2> <div class="level2"> <p> With <a href="/uk:acl" class="wikilink1" title="uk:acl" data-wiki-id="uk:acl">Access Control Lists (ACL)</a> you can restrict which pages and/or namespaces users have access to. You can give read and write permissions depending on the user group or single users. 
</p> </div> <div class="secedit editbutton_section editbutton_13"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Access Control] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="access_control" /><input type="hidden" name="codeblockOffset" value="10" /><input type="hidden" name="range" value="17827-18049" /><button type="submit" title="Access Control">Редагувати</button></div></form></div> <h2 class="sectionedit14" id="additional_reading">Additional Reading</h2> <div class="level2"> <p> Here are a few more internal and external pages related to security. </p> <ul> <li class="level1"><div class="li"> <a href="/tips:httpslogin" class="wikilink1" title="tips:httpslogin" data-wiki-id="tips:httpslogin">Force login via HTTPS</a></div> </li> <li class="level1"><div class="li"> <a href="/install:php" class="wikilink1" title="install:php" data-wiki-id="install:php">PHP Configuration for DokuWiki</a></div> </li> <li class="level1"><div class="li"> <a href="/tips:clean_acl" class="wikilink1" title="tips:clean_acl" data-wiki-id="tips:clean_acl">Remove ACL rules for deleted pages</a></div> </li> <li class="level1"><div class="li"> <a href="https://www.feistyduck.com/library/apache-security/" class="urlextern" title="https://www.feistyduck.com/library/apache-security/">Apache Security</a></div> </li> </ul> </div> <div class="secedit editbutton_section editbutton_14"><form class="button btn_secedit" method="post" action="/uk:security"><div class="no"><input type="hidden" name="do" value="edit" /><input type="hidden" name="rev" value="1715626558" /><input type="hidden" name="summary" value="[Additional Reading] " /><input type="hidden" name="target" value="section" /><input type="hidden" name="hid" value="additional_reading" /><input type="hidden" 
name="codeblockOffset" value="10" /><input type="hidden" name="range" value="18050-" /><button type="submit" title="Additional Reading">Редагувати</button></div></form></div><div class="footnotes"> <div class="fn"><sup><a href="#fnt__1" id="fn__1" class="fn_bot">1)</a></sup> <div class="content">See this <a href="https://forum.dokuwiki.org/d/21122-security-warning-persists/9" class="urlextern" title="https://forum.dokuwiki.org/d/21122-security-warning-persists/9">forum thread</a> and <a href="https://stackoverflow.com/questions/76369813/why-are-my-jpg-and-png-files-accessible-despite-nginx-access-restriction" class="urlextern" title="https://stackoverflow.com/questions/76369813/why-are-my-jpg-and-png-files-accessible-despite-nginx-access-restriction">stackoverflow</a></div></div> </div> <!-- wikipage stop --> </div> <div class="docInfo"><bdi>uk/security.txt</bdi> · Востаннє змінено: <time datetime="2024-05-13T20:55:58+0200">2024-05-13 20:55</time> повз <bdi>uaKalwin</bdi></div> <hr class="a11y" /> </div></main><!-- /content --> <!-- PAGE ACTIONS --> <nav id="dokuwiki__pagetools" aria-labelledby="dokuwiki__pagetools__heading"> <h3 class="a11y" id="dokuwiki__pagetools__heading">Налаштування сторінки</h3> <div class="tools"> <ul> <li class="edit"><a href="/uk:security?do=edit" title="Редагувати цю сторінку [e]" rel="nofollow" accesskey="e"><span>Редагувати цю сторінку</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg></a></li><li class="revs"><a href="/uk:security?do=revisions" title="Старі ревізії [o]" rel="nofollow" accesskey="o"><span>Старі ревізії</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M11 7v5.11l4.71 2.79.79-1.28-4-2.37V7m0-5C8.97 2 5.91 3.92 4.27 6.77L2 4.5V11h6.5L5.75 8.25C6.96 5.73 9.5 4 12.5 4a7.5 7.5 0 0 1 