I don't want others to use the API (read or write).
Can I restrict the API access so only my own server cann access it?
I don't want others to use the API (read or write).
Can I restrict the API access so only my own server cann access it?
Not inside MediaWiki, but you can create rules in your webserver.
The access to the api has the following characteristics:
Referer
" (sic) header from the page originating the request.Referer
" header, or they'll contain a different server. But note that they could fake a Referer header!This is a bit weak, but may be useful to you.
Sorry for the late reply and thanks for the suggestions.
I'd prefer a safe method only allowing API calls from my own server. So "others" is any extenal website or app.
Could I restrict read rights for api.php?
You could add a new virtual host to your apache configuration pointing to another webroot, copy your actual wiki into it (which will use the same database as your actual wiki) and activate API (and disable it on your actual, public wiki). Now add a htaccess and deny requests from all hosts, except localhost/127.0.0.1. Nevertheless: this seems to be an ugly workaround. I'm wondering, why you don't want to activate the API for all users? All, what you can do in the API can be done through the webinterface, too :)
That is how the internet works. He could btw also parse the HTML code of the wiki to get the content. If you don't want others to read your content, then don't publish it. And: No, also storing it online at a "secured" place will not help you, just have a look at the latest celebrity photo leaks.