good day.
I`m trying make separately repository access in GitWeb by NGINX
separation of access based on URL strings, namely, the presence of the
query strings:
'?p=repo.git'
with a regular expression:
"^.*p=(.*?)(\.git|;|&|=|\s).*$"
I am wondering how much it is correct to protect against unauthorized access.
Thanks in advance :)
complete example of a configuration file:
server {
listen 80;
root /home/git/gitweb;
access_log /var/log/nginx/gitweb.access_log main;
error_log /var/log/nginx/gitweb.error_log info;
index gitweb.cgi;
gzip off;
location ~* \.(jpg|txt|jpeg|gif|png|ico|css|zip|js|swf)$ {
access_log off;
expires 1d;
}
location = / {
set $htpasswd "opened@";
if ($args ~* "^.*p=(.*?)(\.git|;|&|=|\s).*$") {
set $htpasswd /home/git/.gitolite/conf/$1_htpasswd;
}
if (-f $htpasswd) {
rewrite ^.*$ /closed last;
}
rewrite ^.*$ /guest last;
}
location = /closed {
internal;
access_log /var/log/nginx/gitweb-closed.access_log main;
auth_basic "Unauthorized";
auth_basic_user_file $htpasswd;
include fastcgi_params;
fastcgi_param SCRIPT_NAME gitweb.cgi;
fastcgi_param SCRIPT_FILENAME /home/git/gitweb/gitweb.cgi;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location = /guest {
internal;
access_log /var/log/nginx/gitweb-guest.access_log main;
include fastcgi_params;
fastcgi_param SCRIPT_NAME gitweb.cgi;
fastcgi_param SCRIPT_FILENAME /home/git/gitweb/gitweb.cgi;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
location / {
rewrite (.*) / permanent;
}
}
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html