Howto protect foswiki attachments without slowdown

I was just asked on IRC how to protect some attachments without forcing all requested attachments to go through the viewfile cgi script (as that causes your foswiki images and css to load incredibly slowly), and here’s the howto I answered with:

I coded foswiki 1.0’s viewfile script to work as an apache ErrorDocument, so if you can find a way to trigger a 404 or 401 error, you can get apache to run viewfile:

ErrorDocument 404 /foswiki/bin/viewfile
ErrorDocument 401 /foswiki/bin/viewfile

If you place your pub dir somewhere outside where apache serves files and then softlink the non-protected webs into apache’s path (so it serves them full speed), then the secured webs will generate a 404, triggering the viewfile ErrorDocument, which will thus serve the file only to authenticated users.

This will work irrespective of the authentication choices in your foswiki setup – and as the files that require securing are outside apache’s file serving areas, can be considered as secure as possible.

As an added bonus, any request to a file that does not exist will show a foswiki error page, rather than a static html.
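
The layout described above, as an added example that is not code from the original post: one function symlinks the non-protected webs into the served tree, and an audit function flags any served entry that is not on the public list or that points at a different web. The paths, web names and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All paths and web names are
# assumptions: REAL is the pub dir moved outside Apache's served tree (give
# it as an absolute path), SERVED is the directory Apache serves as
# /foswiki/pub. Only top-level webs are handled.

# link_public_webs REAL SERVED web...
# Symlink each non-protected web into the served tree.
link_public_webs() {
    real=$1; served=$2; shift 2
    mkdir -p "$served" || return 1
    for web in "$@"; do
        [ -d "$real/$web" ] || { echo "no such web: $web" >&2; return 1; }
        ln -sfn "$real/$web" "$served/$web" || return 1
    done
}

# audit_served REAL SERVED "space separated public webs"
# Reports anything in the served tree that is not an allowlisted web, or
# that resolves somewhere other than REAL/<web>. Returns 1 on any finding.
audit_served() {
    real_abs=$(cd "$1" && pwd -P) || return 2
    served=$2; allowed=" $3 "; bad=0
    for entry in "$served"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        web=${entry##*/}
        case "$allowed" in
            *" $web "*) ;;
            *) echo "EXPOSED: $web"; bad=1; continue ;;
        esac
        # Resolve the link and make sure it lands on the web it is named for.
        resolved=$(cd "$entry" 2>/dev/null && pwd -P) || resolved=""
        if [ "$resolved" != "$real_abs/$web" ]; then
            echo "MISPOINTED: $web"; bad=1
        fi
    done
    return $bad
}
```

Apache has to be allowed to follow the links (Options FollowSymLinks or SymLinksIfOwnerMatch) for the linked webs to be served; running the audit after every change to the served tree catches a protected web that was linked in by mistake.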

Foswiki 1.1 Admin dashboard preview

I’ve been working on expanding the use of Foswiki Applications and in the process began to build (using TML) a much more usable user interface for configuring and managing your Foswiki.

So – to the picture show 🙂

SystemAdmin WebHome
Easy to access over-view
SystemAdmin SiteSettings
Quickly customise your Foswiki site.

SystemAdmin VisualSettings
Admin friendly selection of visual settings

Many of these features already do work in Foswiki 1.0.4 – by installing FoswikiApplications Contrib, but they are a work in progress – and getting more advanced every week.

Foswiki 1.0.4 released – OSX, Windows and Debian installers ready too

Foswiki 1.0.4 has been released with more than 100 bug fixes and some small enhancements. Upgrading is highly recommended. If you did not upgrade from TWiki yet, now is a good time as Foswiki 1.0.4 fixes around 300 bugs relative to TWiki 4.2.4.

Grab it now from : – the straight and upgrade archives, OSX installer and my Windows Installers are here.

My debian package repository now spans Foswiki 1.0.4 and 168 Foswiki extensions – it’s never been easier to install 🙂


Over the 4 months of our project’s existence, 33 developers have been involved in making ~3000 commits – next up, the future !

debian repository for Foswiki

I’ve set up a debian repository so that you can help test the release package before it gets uploaded into debian proper.

To try it out, add the following to your /etc/apt/sources.list

deb stable main contrib
deb-src stable main contrib

and then run

gpg --keyserver --recv-keys 379393E0AAEE96F6
apt-key add /root/.gnupg/pubring.gpg

OR (if doesn’t work for you)
apt-key add FoswikiReleaseGpgKey.asc

apt-get update

apt-get install apache2 foswiki

This repository contains about 281 (Apr2011) foswiki-extensions – auto updated nightly direct from The packages have as many dependencies as I was able to coerce my build scripts to work out – but there is more work needed.


Foswiki delivers results.

In just 10 weeks, the Foswiki project has re-built the project infrastructure, fixed an additional 100 bugs over and beyond those we fixed in the TWiki source repository before the fork, moved to a new web application architecture (FSA) and undertaken a detailed security audit, fixing at their roots a large number of potential exploits.

Windows installer, Debian packages including Extensions, OSX installer, Virtual machine.

Additionally, we already have the following easy installers:

    Windows Installer – I’ve built an installer using Apache 2.2 and Strawberry Perl, making it possible to install Perl dependencies.
    OSX Leopard installer – Matthias Wientapper has built a pkg
    Debian and Ubuntu linux – I’ve ported my TWiki package builder to Foswiki, and now have a live updated (nightly) Debian repository containing Foswiki v1.0.0 and 105 of the 109 Extensions uploaded to
    Virtual machine image – Eugen Mayer has built a virtual machine, with detailed instructions for use with Virtual Box and VMWare.

So given the over 1800 commits in 10 weeks, a release, and much much more, it seems to me that Foswiki is a success.

Download Foswiki today!

Foswiki v1.0 hits beta

On the 26th of December 2008, Kenneth built Foswiki v1.0 Beta 1, and then Foswiki v1.0 Beta 2 on the 28th. Since then we’ve been busy testing and fixing things that are side effects of the Secure by default policy we’ve instigated.

I’ll be releasing a Windows installer using Apache 2.2 and Strawberry Perl when Beta 3 is released – we’re still working through some Windows oddities.

It’s pretty amazing what has been achieved in the 2 months since the project forked.

  1. Massive XSS and parameter validation changes
  2. much more resistant input validation (Perl taint checking)
  3. over 160 bugs fixed

Happy new year, and a happy new Data Wiki release.

Strawberry Perl rocks Windows.

If you’re working or just running Perl on Windows, drop everything, run, don’t walk, to StrawberryPerl. Adam Kennedy has not only made a real Perl for Windows, he’s made a proper Perl. One where CPAN just plain works.

Even better, he’s made a Perl that you can use portably, from your USB stick, so you don’t even need to install Perl on your locked down computer.

To learn about his code, I’m building a FoswikiOnAStick distro based on his code, and then I hope to work out how to extend the concept to other platforms.

Foswiki: 790 commits in 3 weeks, and now we have a name!

3 weeks into a fork compelled by the Trademark problems of the 10 year old TWiki name, and we’re almost fully reborn.

Foswiki – started out as Free, Open Source Wiki – When Community matters.

Next steps for us will be to create the Foswiki Association, and to release Foswiki v1.0 – all before Christmas 🙂

Week 2 in ‘NextWiki’ – still running at breakneck speeds

We might not yet have a name, but we’ve had over 100 commits per week, plus the 400 odd coming from my importing into our repository. The rebranding changes for the ****** v1.0 release have been declared 80% done, so the worst case estimate would see the other 80% take about 8 weeks :).

Our bug and task tracking system’s live, with connections to svn commits, twitters and lots and lots of activity both on irc and the Wiki – it’s almost impossible to keep up with everything.