Hi BJ, > LocationMatch will not match against the query string which is where the service name is. To match against the query string, you would need to do something like: Oops, you're right. I'm actually matching the unparsed URL using a regexp in a Perl authentication module, so I missed that Apache detail. Your snippet looks good to me. > But, I would think using <LimitExcept GET PROPFIND OPTIONS REPORT> to protect against "writing" to the repo without auth should be sufficient. But that doesn't work for the smart HTTP method. Limiting by method is OK for dumb HTTP (as we're basically just modifying files using WebDAV), but the git-http-backend CGI only uses GET and POST, and requires authentication depending not on the HTTP method, but what service is being used. Or so I think :-). Cheers, Antonio -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html