I have a centos 7 server with a git repo shared over smart http, when I make "git push" the authentication works but when I make "git clone" not works. I want than Git and Apache ask me user and password to clone the repos.
/var/www/git -> Is my repo dir
/var/www/html -> Is the web sites dir
My site.conf is:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName miserver.com
DocumentRoot /var/www/html
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git /usr/libexec/git-core/git-http-backend/
<Directory /var/www/html/gitweb>
Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride All
order allow,deny
Allow from all
AddHandler cgi-script cgi
DirectoryIndex gitweb.cgi
</Directory>
<Directory /var/www/git>
DAV On
Options ExecCGI FollowSymLinks Indexes
AuthType Basic
AuthName "git repository"
AuthUserFile /var/www/git/.htpasswd
</Directory>
<Files "git-http-backend">
AuthType Basic
AuthName "Git Access"
AuthUserFile /var/www/git/.htpasswd
Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#)
Require valid-user
</Files>
ErrorLog /var/www/html/error.log
CustomLog /var/www/html/access.log combined
Your configuration uses a Require expr that matches on git-receive-pack. That's the service that's used when you push to the server. In order to make the server require authentication for clones and fetches, you need to match on git-upload-pack as well.
The easiest way to fix this is probably to remove that Require expr line, since it sounds like you want the server to always apply authentication, regardless of the task you're performing. Removing the Require expr lines removes the exemption for non-push operations.
Related
I'm trying to launch a website using apache2 through a remote server in the PuttY program. The site gives a 503 error. There are no errors in the logs. All necessary components for operation are installed.
Maybe I made a mistake in the code (although I wrote the backend in the same way and it works fine)
ServerName test.site.com
DocumentRoot /var/www/test/frontend/web/
DirectoryIndex index.php index.html index.htm index.shtml
<Directory /var/www/test/frontend/web/>
Options Indexes FollowSymLinks MultiViews
Options all
# AllowOverride controls what directives may be placed in .htac>
AllowOverride All
# Controls who can get stuff from this server file
#Order allow,deny
Allow from all
Require all granted
</Directory>
<IfModule mpm_peruser_module>
ServerEnvironment apache apache
</IfModule>
ErrorLog /${APACHE_LOG_DIR}/test.lan-error.log
CustomLog /${APACHE_LOG_DIR}/test.lan-access.log combined
</VirtualHost>```
[1]: https://i.stack.imgur.com/6stZG.png
I'm trying to protect an older TYPO3 8.7 backend (/typo3) via an AuthType basic part in the normal TYPO3 .htaccess file.
I always end up with internal server errors.
Has anyone done this before ?
Is it possible that this could not wor with the symlinks ?
I am puting this part of code on top of my .htaccess (before all the rwrite stuff starts):
SetEnvIf Request_URI ^.*/typo3.* require_auth=true
AuthType basic
AuthName "Admin Schutz"
AuthUserFile /usr/etc/.htpasswd
#Order Deny,Allow
#Deny from all
#Satisfy any
Require valid-user
Allow from env=!require_auth
Thanks for any hints!
Assuming that your /usr/etc/.htpasswd file is accessible and valid (created properly with htpasswd command and chmoded to 644) your sample should work for Apache 2.2, but not in Apache 2.4 according to comments in this post. Literally in 2.4 it will work, but will require password also for your root domain.
There are two solutions. First is placing additional .htaccess files in your typo3 directory with simple rule, i.e. as shown by #Naderio:
AuthType basic
AuthName "Secret area!"
AuthUserFile /usr/etc/.htpasswd
require valid-user
Order deny,allow
Deny from all
Satisfy ANY
However, if you created a typo3 symlink to sources as suggested in TYPO3's documentation and/or you don't want to require BasicAuth for all projects which uses the same sources, you can override these settings directly in VHOST configuration like (assuming that you have all your TYPO3 projects i.e. in /www/typo3/ folder:
<VirtualHost *:80>
ServerAdmin your#email.tld
DocumentRoot "/www/typo3/project-x.loc"
ServerName project-x.loc
# below your valid paths for log files...
# ErrorLog "logs/project-x.loc-error_log"
# CustomLog "logs/project-x.loc-access_log" common
<Directory "/www/typo3/project-x.loc">
Options Indexes FollowSymLinks ExecCGI Includes
AllowOverride All
Require all granted
</Directory>
<Directory "/www/typo3/project-x.loc/typo3">
AuthType basic
AuthName "Restricted in VHOST config!"
AuthUserFile /usr/etc/.htpasswd
require valid-user
Order deny,allow
Deny from all
Satisfy ANY
</Directory>
</VirtualHost>
Note: I'd check anyway if the path you are trying to use /usr/etc/ is accessible for Apache at all, maybe it will be better moving your .htpasswd file somewhere closer to your www structure like to folder /www/etc/ and fix the above rules accordingly?
Should work with:
AuthType basic
AuthName "Secret area!"
AuthUserFile /usr/etc/.htpasswd
require valid-user
Order deny,allow
Deny from all
Satisfy ANY
An internal server error is thrown, e.g. if your path to the AuthUserFile isn't correct.
Here i've written down my snippet for my personal public documentation:
https://www.entwicklertools.de/snippet-sammlung/htaccess-snippets/passwortschutz-einrichten/
Thanks to all replies.
finally we also did this in the vhost by the following code using the "location"-tag.
<Location /typo3/>
AuthType Basic
AuthName "Enter Password"
AuthUserFile /www_data/.htpasswd4xyz
Require valid-user
</Location>
In case you can't edit the vhost config,
this line shoud work istead of your SetEnvIf in your .htaccess, intoo:
SetEnvIfNoCase Request_URI ^/typo3/$ require_auth=true
First of all thanks for the help. I'm trying to port a website to a new version of linux (Raspian Jessie), and am having a few issues, apache2 is version 2.4.10. Mainly with getting the cgi-bin folder to update correctly. I've updated the default file in /etc/apache2/sites-available/ to reflect the location that I would like the directory to be, yet apache is still trying to use the old cgi-bin location, thus giving me a 404 when I try to view the page in a web browser. My current config is as follows:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride ALL
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined</VirtualHost>
The error log indicates that apache is still looking in the /usr/lib/cgi-bin/ directory for the cgi files and I can't seem to get it to update to the new location. Any thoughts.
You are not using "Include" correctly to load your VirtualHost file, therefore apachectl -S output does not show anything after "VirtualHost configuration:" and it goes on to the next section. There it should list your virtualhost and say it is the default as it is only one.
Review your Include directives
I have read that Delta-V adds Versioning Extensions to WebDAV but I don't find how to configure my ubuntu server to implement this extentions . this is my webdav configuration and it works fine :
<Directory /webdav>
Options Indexes MultiViews FollowSymlinks
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /etc/apache2/webdav.password
Require valid-user
</Directory>
I am trying to allow a single location (a file which does not exist) to be accessed on my Apache 2.2.3 (Centos) server to be able to implement the paypal ipn listener.
The other files should stay password protected.
How can I allow a single location to be accessed without login?
The code bellow shows what I tried so far.
The location directive selects the correct location (I tested this by writing deny from all to it).
The issue I have now is that the server is still asking for a password for that location.
I tried already to put the location directive into the directory one but this leads to an syntax error (even if it would be allowed for file directives) but I can not use a file directive instead a location one, because the file does not physically exist.
<Directory /var/www/vhosts/somedomain.net/subdomains/p103.myproject/httpdocs/public>
Order Deny,Allow
Options -Includes -ExecCGI
SetEnv APPLICATION_ENV "development"
AuthName "myproject"
AuthType Basic
AuthUserFile /var/www/vhosts/somedomain.net/subdomains/p103.myproject/.htpasswd
AuthGroupFile /var/www/vhosts/somedomain.net/subdomains/p103.myproject/.htgroups
Require group myproject
</Directory>
DocumentRoot /var/www/vhosts/somedomain.net/subdomains/p103.myproject/httpdocs/public
<Location "/ipn/sdsad8329ejslkdjasl">
Order Deny,Allow
Allow from all
Satisfy Any
</Location>
Here a link to the documentation: http://httpd.apache.org/docs/2.2/
You can use a SetEnvIf to match against the Request_URI to set a variable, then use a combination of Satisfy any, Require group myproject and Allow.
Try something like this:
DocumentRoot /var/www/vhosts/somedomain.net/subdomains/p103.myproject/httpdocs/public
# Here we check if the request is for something we don't need to authorize
SetEnvIf Request_URI ^/ipn/sdsad8329ejslkdjasl NO_AUTH_NEEDED=1
<Directory /var/www/vhosts/somedomain.net/subdomains/p103.myproject/httpdocs/public>
Order Allow,Deny
Options -Includes -ExecCGI
SetEnv APPLICATION_ENV "development"
AuthName "myproject"
AuthType Basic
AuthUserFile /var/www/vhosts/somedomain.net/subdomains/p103.myproject/.htpasswd
AuthGroupFile /var/www/vhosts/somedomain.net/subdomains/p103.myproject/.htgroups
# This makes it so one of the 2 is good enough
Satisfy Any
# We allow first, but only if the NO_AUTH_NEEDED is set
Allow from env=NO_AUTH_NEEDED
# Otherwise, require a login
Require group myproject
</Directory>