I have a centos 7 server with a git repo shared over smart http, when I make “git push” the authentication works but when I make “git clone” not works. I want than Git and Apache ask me user and password to clone the repos.
/var/www/git -> Is my repo dir /var/www/html -> Is the web sites dir
My site.conf is:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName miserver.com
DocumentRoot /var/www/html
SetEnv GIT_PROJECT_ROOT /var/www/git
SetEnv GIT_HTTP_EXPORT_ALL
ScriptAlias /git /usr/libexec/git-core/git-http-backend/
<Directory /var/www/html/gitweb>
Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride All
order allow,deny
Allow from all
AddHandler cgi-script cgi
DirectoryIndex gitweb.cgi
</Directory>
<Directory /var/www/git>
DAV On
Options ExecCGI FollowSymLinks Indexes
AuthType Basic
AuthName "git repository"
AuthUserFile /var/www/git/.htpasswd
</Directory>
<Files "git-http-backend">
AuthType Basic
AuthName "Git Access"
AuthUserFile /var/www/git/.htpasswd
Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#)
Require valid-user
</Files>
ErrorLog /var/www/html/error.log
CustomLog /var/www/html/access.log combined
Advertisement
Answer
Your configuration uses a Require expr that matches on git-receive-pack. That’s the service that’s used when you push to the server. In order to make the server require authentication for clones and fetches, you need to match on git-upload-pack as well.
The easiest way to fix this is probably to remove that Require expr line, since it sounds like you want the server to always apply authentication, regardless of the task you’re performing. Removing the Require expr lines removes the exemption for non-push operations.