Mercurial > hg > Blog
annotate content/SCM/http-auth-hgwebdir.md @ 0:4cd9b65e10e4
initial import of the pelican based blog
| author | Dirk Olmes <dirk@xanthippe.ping.de> |
|---|---|
| date | Fri, 28 Jun 2013 08:48:58 +0200 |
| parents | |
| children |
| rev | line source |
|---|---|
|
0
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
1 Title: HTTP auth for hgwebdir.cgi |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
2 Tags: Mercurial |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
3 Date: 2009-01-16 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
4 Lang: en |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
5 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
6 The easiest way to publish your [Mercurial](http://www.selenic.com/mercurial/wiki/) repository via HTTP is probably the use of `hgwebdir.cgi`. |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
7 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
8 There are quite a number of HOWTOs out there on how to configure hgwebdir.cgi on the web, e.g. [this one](http://www.selenic.com/mercurial/wiki/index.cgi/PublishingRepositories): it talks about configuring hgwebdir.cgi and how to set up "nicer" URLs and authentication for the repository. |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
9 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
10 While following that instruction I stumbled upon a possible leak in all of the HOWTOs I found out there: they protect the rewritten, "nice" URL to the repository but still allow unauthenticated acces to `/cgi-bin/hgwebdir.cgi`. |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
11 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
12 The following configuration circumvents this bug: |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
13 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
14 Step 1: configure nice repository URLs: |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
15 <div class="highlight"><pre> |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
16 ScriptAliasMatch ^/hg(.*) /where/ever/cgi-bin/hgwebdir.cgi$1 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
17 </pre></div> |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
18 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
19 Step2: use the *LocationMatch* directive to protect all possible accesses to the repository: |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
20 <div class="highlight"><pre> |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
21 <LocationMatch /(cgi-bin/hgwebdir.cgi|hg)/myhgrepository> |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
22 AuthType Basic |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
23 .... |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
24 </LocationMatch> |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
25 </pre></div> |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
26 |
|
4cd9b65e10e4
initial import of the pelican based blog
Dirk Olmes <dirk@xanthippe.ping.de>
parents:
diff
changeset
|
27 Now you can use either `http://myhost/hg/myhgrepository` or `http://myhost/cgi-bin/hgwebdir.cgi/myhgrepository` to access the repo and you'll get the auth prompt on either URL. |