Fwd: Separately repository access in GitWeb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



good day.

I`m trying make separately repository access in GitWeb by NGINX

separation of access based on URL strings, namely, the presence of the
query strings:
'?p=repo.git'
with a regular expression:
"^.*p=(.*?)(\.git|;|&|=|\s).*$"

I am wondering how much it is correct to protect against unauthorized access.

Thanks in advance :)

complete example of a configuration file:

server {
        listen 80;

root /home/git/gitweb;

        access_log /var/log/nginx/gitweb.access_log main;
        error_log /var/log/nginx/gitweb.error_log info;

        index gitweb.cgi;
gzip off;

    location ~* \.(jpg|txt|jpeg|gif|png|ico|css|zip|js|swf)$ {
access_log        off;
        expires 1d;
    }

    location = / {
set $htpasswd "opened@";
if ($args ~* "^.*p=(.*?)(\.git|;|&|=|\s).*$") {
set $htpasswd /home/git/.gitolite/conf/$1_htpasswd;
        }
        if (-f $htpasswd) {
                rewrite ^.*$  /closed last;
        }

rewrite ^.*$ /guest last;
    }

    location = /closed {
internal;
access_log /var/log/nginx/gitweb-closed.access_log main;
auth_basic "Unauthorized";
        auth_basic_user_file $htpasswd;
        include fastcgi_params;
        fastcgi_param  SCRIPT_NAME gitweb.cgi;
        fastcgi_param SCRIPT_FILENAME /home/git/gitweb/gitweb.cgi;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location = /guest {
internal;
access_log /var/log/nginx/gitweb-guest.access_log main;
        include fastcgi_params;
fastcgi_param  SCRIPT_NAME gitweb.cgi;
fastcgi_param SCRIPT_FILENAME /home/git/gitweb/gitweb.cgi;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    location  / {
        rewrite (.*) / permanent;
    }

}
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]