Best way to lock down a Wakaba imageboard to certain posters
4 Replies
basic HTTP AUTH
It's a Japanese style image board. If the web auth can make it publicly viewable but prevent anyone else from posting, then that's good. It doesn't necessarily have to be viewable to everyone, at least just us.
If there is a separate directory path used for posting, you can put something like this in the configuration file for the site:
<directory path="" to="" wakaba="" post="">AuthType Basic
AuthName "John's Image Board"
AuthBasicProvider file
AuthUserFile /path/to/user/file
Require valid-user</directory>
You'll need to make sure the user file is not within the publicly-available web directories, or anyone can just download it and see what username/password combinations are accepted. You create the user file with the htpasswd
If the post command lives in the same directory as the view command, putting a restriction on that directory would require everyone to authenticate, even just to view images. If there is a separate file for posting images, e.g. post.pl, you might be able to do the following but I'm not 100% sure how the Files directive interacts with authentication:
<directory path="" to="" wakaba=""><files post.pl="">AuthType Basic
AuthName "John's Image Board"
AuthBasicProvider file
AuthUserFile /path/to/user/file
Require valid-user</files></directory>
Note that I haven't tested any of the above so it probably needs some tweaking.