Wiki Farm Security

A loose discussion of Wiki Farm security. A more technical discussion may well evolve over at GitHub.

Unsecurity

Ward Cunningham: My approach is to ignore them. If I want to count sites I run a find command to kill empty sites first.

Reverse Proxy

Nick Niemeir: Yeah, my normal setup has more than one service on a box anyway, all wanting to share port 80. So I will run a reverse proxy on port 80 (usually something custom in node, but nginx or apache would work well when configured right). Traffic then comes in to the same IP on a multitude of different hosts on port 80; that traffic is then directed to different ports on the same box, and all the names that I want to be wikis get directed to the farm on the port. Then names that I don't expect don't get directed to the farm.

Nginx

Paul Rodwell: I'm using nginx, just configure it to only accept the domains you’re expecting, using wildcards if necessary - and have a default to catch all the rest that uses return 444 so the connection is silently dropped. This does of course, sadly, add an extra step to creating new wiki in the farm.

There is also a three part tutorial, New Ubuntu 14.04 Server Checklist, which covers basic server security - digitalocean.com.
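
A sketch of the nginx arrangement described under Nginx above, added here as an example; it is not configuration taken from any of the contributors. The host names, the wildcard and the backend port 3000 are assumptions, to be replaced with the farm's own values.

```nginx
# Added example. wiki.example.org, *.wiki.example.org and port 3000 are
# placeholders (assumptions), not values from the discussion above.

# Catch-all: a request whose Host header matches no server_name in any
# other block lands here, as does a request with no Host header at all.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # 444 is nginx-specific: close the connection without sending a response.
    return 444;
}

# The names that are meant to be wikis. The wildcard lets new sites under
# the farm's domain come up without editing this file; any name outside the
# wildcard must be added here before it will reach the farm.
server {
    listen 80;
    listen [::]:80;
    server_name wiki.example.org *.wiki.example.org;

    location / {
        # Assumes the farm listens on the loopback interface only. If it
        # binds to all interfaces, the port is reachable directly and this
        # host filter is bypassed.
        proxy_pass http://127.0.0.1:3000;

        # The farm decides which site to serve from the Host header, so the
        # original value has to be passed through unchanged.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading. A request sent with an unlisted Host header should then end with curl reporting an empty reply from the server, and the farm should create no site for that name.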