On Mar 9, 2010, at 14:01 , Antonio García Domínguez wrote:
> Git first GETs that URL you mention, and then POSTs to the usual
> git-receive-pack URL. Both need authentication, but you're only
> authenticating the POST. I suggest you authenticate every request to
> the git-receive-pack service. Try something like this (warning,
> untested!):
>
>> <LocationMatch "^/git/.*/[^/]*git-receive-pack$"
LocationMatch will not match against the query string which is where the service name is. To match against the query string, you would need to do something like:
RewriteCond %{QUERY_STRING} service=git-receive-pack
RewriteRule .* - [E=AUTHREQUIRED:yes]
then
Order Allow,Deny
Deny from env=AUTHREQUIRED
Allow from all
Satisfy Any
# Add other auth statements for password file.
(also untested :-)
But, I would think using <LimitExcept GET PROPFIND OPTIONS REPORT> to protect against "writing" to the repo without auth should be sufficient.
--
BJ Hargrave
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html