HTTP Authentication
The easiest way to restrict any access to your Thingy is by setting up HTTP authentication in your web server. (Refer to your web server documentation for details.)
Sometimes, you might want to restrict only write access to your Thingy to authenticated users, but allow anybody (or at least a different group of people) to read your Thingy. In order to do that, you can configure Thingy to have a primary URL for restricted access (read-only) and a secondary URL for full access (read/write). It is your responsibility to configure your web server to demand HTTP authentication when users access your Thingy over its secondary URL.
Set the following environment variables in your web server configuration to configure this behavior:
- THINGY_RESTRICTED
- If set to
1, specifies that Thingy is running in "restricted access" mode. Users can only read pages; any attempt to create or edit pages will redirect them to the secondary URL defined in THINGY_AUTH_URL (see below). - THINGY_AUTH_URL
- Specifies the secondary URL users are redirected to when attempting to create or edit pages. You should configure your web server to demand HTTP authentication from users trying to access this URL, and you should make sure
THINGY_RESTRICTED is set to 0 (see Tie Thingy users to HTTP users) or is unset under this URL.
In an Apache configuration file, this setup could look somewhat similar to this:
SetEnv THINGY_INSTANCE my-thingy
# Set up restricted Thingy access for default URL:
SetEnv THINGY_RESTRICTED 1
# When restricted, editing links point to the "full access" URL:
SetEnv THINGY_AUTH_URL http://www.example.org/my-thingy/auth
# Set up configuration for the "full access" URL:
<LocationMatch "^/my-thingy/auth(/|$)">
# Set up HTTP authentication for the "full access" URL
# (refer to your web server documentation for details):
AuthName "my-thingy write access"
...
# When authenticated via HTTP, grant full access
# and use the HTTP user name as the Thingy user name:
SetEnv THINGY_RESTRICTED 0
</LocationMatch>