From: Michael Durian <durian@boogie.com>
To: cgit@lists.zx2c4.com
Subject: Trying to access invalid directory
Date: Thu, 13 May 2021 19:39:02 +0000 [thread overview]
Message-ID: <01010179673d4f97-eec6aedf-4248-42ab-bf94-7840bde76b73-000000@us-west-2.amazonses.com> (raw)
I’m seeing errors like the following appear in my log file:
[Thu May 13 12:59:33.740795 2021] [authz_core:error] [pid 67752] [client 71.237.74.11:57890] AH01630: client denied by server configuration: /ebs1/git/src, referer: https://git.boogie.com/moca/src/Handset/diff/
I think rather than trying to access /ebs1/git/src, it should be trying to access /ebs1/git/moca/src. I’m guessing there is a way I can correct this using macro substitutions, but I’m not sure what configuration value needs to be adjusted.
Here’s what I’m trying to do. I’m using apache authentication to restrict access to different git areas. Each area has its own .htpasswd. Basically, if you are trying to access /moca, you need to authenticate. The same LocationMatch block that handles the authentication defines REPO_NAME and SCANPATH environment variables that I then use in the cgitrc file. What should I adjust to keep cgit from trying to access the wrong filesystem path? Or am I thinking about this all wrong and should take a different approach completely?
Excerpts from my VirtualHost definition:
DocumentRoot /ebs1/git
<LocationMatch ^/moca>
AuthType Basic
AuthName 'Git Access'
AuthUserFile /ebs1/git/moca/.htpasswd
Require valid-user
Order allow,deny
Allow from all
# Let cgit know where to search for repositories.
# This value is passed to cgitrc where it is used
# to for the scan-path variable.
SetEnv REPO_NAME moca
SetEnv SCANPATH /ebs1/git/moca
</LocationMatch>
SetEnv GIT_PROJECT_ROOT /ebs1/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/info/[^/]+ | \
git-(upload|receive)-pack))$" \
/usr/local/libexec/git-core/git-http-backend/$1
# For cgit
SetEnv CGIT_CONFIG /ebs1/git/cgit/cgitrc
<Directory /ebs1/git/cgit>
AllowOverride None
Options +ExecCGI
Require all granted
</Directory>
Alias /cgit.png /ebs1/git/cgit/cgit.png
Alias /cgit.css /ebs1/git/cgit/cgit.css
Alias /favicon.ico /ebs1/git/cgit/favicon.ico
ScriptAlias /moca /ebs1/git/cgit/cgit.cgi
And here’s my /ebs1/git/cgit/cgitrc
enable-http-clone=1
enable-commit-graph=1
enable-log-filecount=1
enable-log-linecount=1
remove-suffix=1
enable-git-config=1
clone-url=https://git.boogie.com/$REPO_NAME/$CGIT_REPO_URL
scan-path=$SCANPATH
Thanks,
mike
reply other threads:[~2021-05-13 19:39 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=01010179673d4f97-eec6aedf-4248-42ab-bf94-7840bde76b73-000000@us-west-2.amazonses.com \
--to=durian@boogie.com \
--cc=cgit@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).