I have a centos 7 server with a git repo shared over smart http, when I make “git push” the authentication works but when I make “git clone” not works. I want than Git and Apache ask me user and password to clone the repos.
/var/www/git -> Is my repo dir /var/www/html -> Is the web sites dir
My site.conf is:
<VirtualHost *:80>ServerAdmin webmaster@localhostServerName miserver.comDocumentRoot /var/www/htmlSetEnv GIT_PROJECT_ROOT /var/www/gitSetEnv GIT_HTTP_EXPORT_ALLScriptAlias /git /usr/libexec/git-core/git-http-backend/<Directory /var/www/html/gitweb> Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch AllowOverride All order allow,deny Allow from all AddHandler cgi-script cgi DirectoryIndex gitweb.cgi</Directory><Directory /var/www/git> DAV On Options ExecCGI FollowSymLinks Indexes AuthType Basic AuthName "git repository" AuthUserFile /var/www/git/.htpasswd</Directory><Files "git-http-backend"> AuthType Basic AuthName "Git Access" AuthUserFile /var/www/git/.htpasswd Require expr !(%{QUERY_STRING} -strmatch '*service=git-receive-pack*' || %{REQUEST_URI} =~ m#/git-receive-pack$#) Require valid-user</Files>ErrorLog /var/www/html/error.logCustomLog /var/www/html/access.log combinedAdvertisement
Answer
Your configuration uses a Require expr that matches on git-receive-pack. That’s the service that’s used when you push to the server. In order to make the server require authentication for clones and fetches, you need to match on git-upload-pack as well.
The easiest way to fix this is probably to remove that Require expr line, since it sounds like you want the server to always apply authentication, regardless of the task you’re performing. Removing the Require expr lines removes the exemption for non-push operations.