Hello,

I was fairly happy with my Mercurial setup until now. I use it for personal projects and it is hosted on a shared server at OVH (a French hosting provider).

Currently, I have a .htaccess to protect my projects and only allow certain people to pull/push from my repositories. However, I would like to make the changeset archives public.

The URLs look like this:

http://domain/hg/projectname/archive/486e5be13c82.tar.bz2
http://domain/hg/projectname/archive/tip.tar.bz2

My .htaccess looks like this:

AuthUserFile /home/******/.hgusers
AuthName "Mercurial"
AuthType Basic

Order allow,deny
Allow from all

Require valid-user

And I would like the archive URLs to not ask for a username/password. I don't mind using mod_rewrite for that. Thanks!

Remi Gillig.

+1  A: 

If you allow public access to all the changeset tarballs, then I suggest simply making the repository public (without allowing push, obviously). That is quite simple: hg push is done with a POST HTTP request, so you only need to Require valid-user for that. See also the wiki.

My thinking is that by giving people access to the tarballs, you have effectively given them access to the entire repository with the exception of the commit messages. So the cleanest solution is probably to just admit that and only restrict hg push :-)

Apart from that piece of wanna-be advice, I suggest you look at the <Location> and <LocationMatch> directives if you have access to a system-wide configuration file for Apache (they cannot be put in a .htaccess file). I'm not a big Apache guru, so sorry for not giving you a ready-made rule you can insert.

Martin Geisler
Well, I didn't think about that before but maybe I could make another hgwebdir.cgi which displays only specific repositories under something like http://domain/hgpublic/. I don't want anyone to be able to access some private projects served under /hg/ so making all the repos public is not a viable solution for me. I will dig into modifying the display script and report back.
speps
OK, it works like a charm, I moved my public repos to a different directory and created a different hgweb.config to display only these. I now have 2 URLs: /hg for my private repos and /hg-public for my public repos. In /hg I even have the list of public repos so I don't have to modify the push URLs in hg when I push.
speps
Cool, having two URLs sounds like a nice solution too (less magic than protecting only some of the URLs).
Martin Geisler
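
The two-URL layout from the thread, written out as an added example (not posted by anyone in the thread). It assumes /hg and /hg-public are separate directories, each with its own .htaccess, and reuses the directives and the masked AuthUserFile path from the question.

```apache
# ---- .htaccess for /hg (private repositories) ----
# Every request, read or write, needs a login (same policy as the
# file in the question).
AuthUserFile /home/******/.hgusers
AuthName "Mercurial"
AuthType Basic
Require valid-user

# ---- .htaccess for /hg-public (public repositories) ----
# Per the answer above, hg push arrives as a POST, so only methods
# other than GET/HEAD need a login. Browsing and the
# /archive/<rev>.tar.bz2 downloads are GET requests and stay anonymous.
AuthUserFile /home/******/.hgusers
AuthName "Mercurial"
AuthType Basic

# <LimitExcept GET HEAD> instead of <Limit POST>: <Limit> protects only
# the methods it names, so any method left off the list would be open.
# Here everything except GET and HEAD requires a valid user.
<LimitExcept GET HEAD>
    Require valid-user
</LimitExcept>
```

Anything reachable under /hg-public exposes that repository's full history to anonymous readers, so only repositories meant to be public belong in the hgweb.config behind it.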