Re: a rather tricky mod_rewrite problem?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

solprovider@xxxxxxxxxx wrote:

RewriteCond %{REMOTE_USER} ^([a-z0-9_]+)$
RewriteRule ^/mysvn/(.*) /svn/%1/$1 [L]

The first line places a valid username into %1.
The second rewrites "/mysvn/something" to "/svn/bob/something" when
the REMOTE_USER is "bob".
Invalid usernames will not pass the condition so "/mysvn" should
display an error or login page when the Rewrite is bypassed.

solprovider

So far I've done this:

<Location /svn>
        RewriteEngine on
        RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 [PT]
        AuthType Basic
        AuthName "SVN repos"
        AuthUserFile /var/svn/svnauth
        Require Valid-User
</Location>

<Location /svn-repo>
        ## Here so the RewriteRule is executed BEFORE the SVN is loaded?
        DAV svn
        SVNParentPath /var/svn/
</Location>
Its a hack, but my problem arises that anyone can browse anyone's svn repo if they know that /svn-repo/xxx/ exists. I considered adding this to /svn-repo/: 
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/ [OR]
        RewriteCond %{REQUEST_URI} =/svn-repo/ [OR]
        RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/.*
        RewriteRule %{REQUEST_URI} /svntroll/ [G]

but it never executes... dav_svn comes in //before// rewrite.
/svntroll/ contains a simple page saying "dont do that, go to /svn/!"
My other idea though is to make it so that /svn-repo handles the authentication, and in Require: its the name of the user (ie the call comes in for /svn-repo/bob/, it does a require-user: bob) 

I would implement this using the following:
<Location /svn-repo>
	AuthType Basic
	AuthName "SVN Repos"
	AuthUserFile /var/svn/svnauth
	Require %{REMOTE_USER}

	DAV svn
	SvnParentPath /var/svn/
</Location>
<Location /svn>
	RewriteEngine on
RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 ([PT]? -- any other options?) 
	AuthType Basic
	AuthName "SVN Repos"
	AuthUserFile /var/svn/svnauth
	Require Valid-User
</Location>

Would this work? or would the realm problem exist?

-Morgan Gangwere


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux