I'm trying to make a site that is only accessible by allowed users. By
default, on a just created blank BlueSpice MediaWiki site, each page I
create, is visible to anyone coming to the site. Instead, I'd like to make
the site only visible to a select set of people. Perhaps this could be
done by requiring a person to log into the site before any pages become
visible and requiring all user accounts to be approved.
What is a straight forward way to make a whole BlueSpice MediaWiki site
private and only accessible by those users I approve?
Thanks.
-William
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I found that by default "read" access is provided to everyone, logged in or not. Therefore, I explicitly added read access in the WikiAdmin - Permission manager to group User checking for line Read in the Namespace column. Having done this, the pages now say:
Login required
Please log in to view other pages.
However, there are still details visible. For example, the special page http://wiki.domain.com/index.php/Special:RecentChanges shows the names of pages and the log entry for each edit. Additionally, the names of users are revealed and their edit history.
The solution is to go to group * in the WikiAdmin - Permission manager and uncheck the Read under the Wiki column adjacent to the Namespace column mentioned above.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
However, the above breaks two-factor authentication, as the special page http://wiki.domain.com/index.php/Special:TwoFactorAuth/auth is not readable until you log in. If you give * access to Wiki but not Namespace, then it works, but now when not logged in you can see all sorts of stuff like list of page names and users.
Hello,
I'm trying to make a site that is only accessible by allowed users. By
default, on a just created blank BlueSpice MediaWiki site, each page I
create, is visible to anyone coming to the site. Instead, I'd like to make
the site only visible to a select set of people. Perhaps this could be
done by requiring a person to log into the site before any pages become
visible and requiring all user accounts to be approved.
What is a straight forward way to make a whole BlueSpice MediaWiki site
private and only accessible by those users I approve?
Thanks.
-William
I found that by default "read" access is provided to everyone, logged in or not. Therefore, I explicitly added read access in the
WikiAdmin - Permission manager
to group User checking for lineRead
in theNamespace
column. Having done this, the pages now say:Login required
Please log in to view other pages.
However, there are still details visible. For example, the special page http://wiki.domain.com/index.php/Special:RecentChanges shows the names of pages and the log entry for each edit. Additionally, the names of users are revealed and their edit history.
The solution is to go to group
*
in theWikiAdmin - Permission manager
and uncheck theRead
under theWiki
column adjacent to theNamespace
column mentioned above.However, the above breaks two-factor authentication, as the special page http://wiki.domain.com/index.php/Special:TwoFactorAuth/auth is not readable until you log in. If you give * access to Wiki but not Namespace, then it works, but now when not logged in you can see all sorts of stuff like list of page names and users.
The page http://wiki.domain.com/index.php/Special:UserLogin must have special handling for this case that just needs to be added to also apply to http://wiki.domain.com/index.php/Special:TwoFactorAuth/auth but I'm not sure where that special permission is given unless it is hardcoded somewhere and not user accessible.
The solution is to use wgWhitelistRead in your LocalSettings.php configuration file:
$wgWhitelistRead = array(
"Special:UserLogin", "Special:TwoFactorAuth/auth", "Special:RequestAccount"
);