Securing single Wiki Pages with a Password

Goal:

Securing single JSPWiki pages with a password.

Requirements

Apache Webserver with mod_proxy, mod_rewrite, mod_auth

Solution

Create two ProxyPass sections for your JSPWiki - one for the normal access and one for the secured access. This can be achieved like this:

# Don't make your apache an open web proxy
ProxyRequests off
# Normal world accessible
ProxyPass		/wiki/	http://localhost:8080/JSPWiki/
ProxyPassReverse	/wiki/	http://localhost:8080/JSPWiki/
# Secured access
ProxyPass		/swiki/	http://localhost:8080/JSPWiki/
ProxyPassReverse	/swiki/	http://localhost:8080/JSPWiki/

Then add a rewrite rule that redirects all access to pages with a special string in the name to the secured ReverseProxy:

	RewriteLog      "/var/log/apache2/rewrite_log"
        RewriteLogLevel 0

        RewriteEngine On
        # RewriteLog    /var/log/apache2/rewrite_log
        # RewriteLogLevel       5
        RewriteCond             %{QUERY_STRING} ^.*WSecure.*$
        RewriteRule             ^/wiki/(.*)$    /swiki/$1       [R,L]

This will redirect all wiki pages which contain the String "WSecure" in the page name to the secure area.

Finally protect the secured area by password:

<Location /swiki/*>
        AuthType Basic
        AuthName "Restricted/Private Area. Please provide password!"
        AuthUserFile  /srv/www/auth_user_file
        require valid-user
</Location>

This will protect the access to the reverse proxy /swiki/ with a password and thus all pages containing the secured string in the page name will be protected by password. You can choose any string you want as the secure indicator. But make sure it doesn't appear in the name of pages you don't want to protect.

---

Back to Category Tips