Hi all,

> A flaw of the smart HTTP transport is the servers are
> nearly impossible to configure for anonymous clone and
> authenticated push via the same URL. The servers just
> can't seem to be configured to require authentication
> for the $GIT_DIR/info/refs?service=git-receive-pack request.

Yeah, the problem seems to be that query string. Apache's <Location> doesn't help with that. However, you could add a custom authentication handler which checks the query part of the URL, right?

<shameless plug>
In fact, I submitted a patch which adds smart HTTP integration to Redmine's Perl auth module at [1] and does just this. I've tested on a server I set up at my uni, and pretty much nowhere else :-/.

Lines 250-254 should do just that: check the unparsed URI (possibly including the query string) for git-receive-pack at the end. That includes .../git-receive-pack and .../refs?service=git-receive-pack.

Perhaps you could take just the parts you need from the patched Redmine.pm file.
</shameless plug>

Another option could be using RewriteCond to set an environment variable depending on REQUEST_URI and QUERY_STRING [2] and use "Allow from env=..." [3]. I think it should be simpler than writing and installing an authentication handler, but I'm not sure, either.

I'm mostly limited to Apache here: perhaps it can be easier with other web servers.

[1]: http://www.redmine.org/attachments/3300/0001-Redmine.pm-add-Git-smart-HTTP-support-v4.patch
[2]: http://www.phwinfo.com/forum/alt-apache-configuration/329880-regular-expressions-locationmatch.html#post1483835
[3]: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow

Regards,
Antonio
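The second option from the message above (RewriteCond setting an environment variable, then "Allow from env=..."), written out as an added example for Apache 2.2; it is not part of the original message. It assumes repositories are served under /git/ and are already routed to git-http-backend; the variable name ANON_READ, the realm name and the password-file path are placeholders.

```apache
# Added example, Apache 2.2 (mod_rewrite, mod_authz_host, mod_auth_basic).
# Assumption: /git/ is already mapped to git-http-backend elsewhere.

RewriteEngine On

# Mark a request as an anonymous read only when it is neither
#   .../info/refs?service=git-receive-pack   (ref advertisement for a push)
# nor
#   .../git-receive-pack                     (the push itself).
# Consecutive RewriteCond lines are ANDed, so both must hold.
RewriteCond %{QUERY_STRING} !service=git-receive-pack
RewriteCond %{REQUEST_URI}  !/git-receive-pack$
RewriteRule ^/git/ - [E=ANON_READ:yes]

<LocationMatch "^/git/">
    # Host-based check: only requests carrying ANON_READ pass it.
    # With "Order Allow,Deny" anything not explicitly allowed is denied,
    # so a request the rewrite rule did not mark falls through to the
    # login requirement below.
    Order Allow,Deny
    Allow from env=ANON_READ

    # Login check for everything else (placeholder realm and file).
    AuthType Basic
    AuthName "Git Access"
    AuthUserFile /path/to/htpasswd
    Require valid-user

    # Passing either the host-based check or the login check is enough:
    # marked reads stay anonymous, push requests get a 401 challenge.
    Satisfy Any
</LocationMatch>
```

Requesting `.../info/refs?service=git-upload-pack` and `.../info/refs?service=git-receive-pack` without credentials should return 200 and 401 respectively once this is loaded.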