On 26/08/12 11:13, Jeff King wrote: > Yeah, I'm surprised it took this long to come up, too. Perhaps most > people just do anonymous http, and then rely on ssh for pushing to > achieve the same effect. Or maybe my analysis of the problem is wrong. > :) I'd be using ssh to push too, but the simple fact is that the http way works through a proxy and so essentially works from anywhere. The same isn't true for ssh or git protocols. Well that's my reason anyway :) > Yeah, I think that will work. It feels a little weird and hacky. E.g., Yeah, it does. I couldn't find a simple way though, most stuff like LocationMatch specifically excludes the query string which makes it rather more difficult. > I don't know enough about Apache to know off-hand if there is a cleaner > way. I'll investigate a bit more before doing my documentation patch. I'm not an apache expert either. What I could find was using mod_rewrite to set an env var based on something in the query string, but not actually do any rewrite. Then looking at how to check the env var and do something based on that got me the example of simply using If with an expression to match directly on the query string. > I think that would be cleaner. It would be even nicer if you could > really just match "service=" as a query parameter, but I don't know that > apache parses that at all. I also don't know if Apache does any > canonicalization of the QUERY_STRING. When matching, you'd want to make >From what I can tell apache really doesn't care much about the query string at all, it seems to just pass it through unless you start messing with it using mod_rewrite, but even then you're still regex based. I couldn't find anything that parsed out individual parameters. Of course I could just be looking in all the wrong places :) > sure there is no way of a client sneaking in a parameter that git would > understand to mean a push, but that your pattern would not notice (so, > e.g., just matching "git-receive-pack$" would not be sufficient, as I yep, and matching on THE_REQUEST gets you the whole string, including the HTTP/1.1 on the end. I tried putting the $ on the end of the regex and it didn't work. It should be possible to combine the original regex from the LocationMatch example and something like /[?&]service=git-receive-pack/ though, which should make it somewhat safer. > No problem. I'll probably be a day or two on the patches, as the http > tests are in need of some refactoring before adding more tests. But in > the meantime, I think your config change is a sane work-around. Works-For-Me is all I need right now :) I'll be interested if you come up with something better though. Iain -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html