Best way to lock down a Wakaba imageboard to certain posters

I want to set up a Wakaba image board for my friends and I to use, but I want it so that we're the only ones who can post to it. I could try hacking it to add a field that requires a specific word be entered in order for content to be posted. It has controls for blocking and whitelisting IP addresses I could try range blocking all IP addresses and then whitelisting the IP address of a SOCKS proxy server that we would all use.

4 Replies

If you're using Apache, you could set up basic HTTP AUTH to protect the directory. (This is the no/spam prompt you get when logging in to the Linode forum.) Without knowing how Wakaba works or what software you're running it on it's hard to give more specific advice.

Thanks for responding. The website for Wakaba is here: http://wakaba.c3.cx/s/web/wakaba_kareha

It's a Japanese style image board. If the web auth can make it publicly viewable but prevent anyone else from posting, then that's good. It doesn't necessarily have to be viewable to everyone, at least just us.

The below only applies if you're running this imageboard on Apache; I would guess Nginx can do similar things but I don't know how.

If there is a separate directory path used for posting, you can put something like this in the configuration file for the site:

 <directory path="" to="" wakaba="" post="">AuthType Basic
    AuthName "John's Image Board"
    AuthBasicProvider file
    AuthUserFile /path/to/user/file
    Require valid-user</directory> 

You'll need to make sure the user file is not within the publicly-available web directories, or anyone can just download it and see what username/password combinations are accepted. You create the user file with the htpasswd command.

If the post command lives in the same directory as the view command, putting a restriction on that directory would require everyone to authenticate, even just to view images. If there is a separate file for posting images, e.g. post.pl, you might be able to do the following but I'm not 100% sure how the Files directive interacts with authentication:

 <directory path="" to="" wakaba=""><files post.pl="">AuthType Basic
    AuthName "John's Image Board"
    AuthBasicProvider file
    AuthUserFile /path/to/user/file
    Require valid-user</files></directory> 

Note that I haven't tested any of the above so it probably needs some tweaking.

We do use Apache. I think Wakaba uses a single script for everything, but I think it would work, assuming this method works, because the main script, wakaba.pl, generates a wakaba.html file that contains the webpage. Everyone could have access to wakaba.html, but only people who we know would have access to wakaba.pl to be allowed to post.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct