t / lib-httpd / apache.confon commit http-walker: fix buffer underflow processing remote alternates (d61434a)
   1ServerName dummy
   2PidFile httpd.pid
   3DocumentRoot www
   4LogFormat "%h %l %u %t \"%r\" %>s %b" common
   5CustomLog access.log common
   6ErrorLog error.log
   7<IfModule !mod_log_config.c>
   8        LoadModule log_config_module modules/mod_log_config.so
   9</IfModule>
  10<IfModule !mod_alias.c>
  11        LoadModule alias_module modules/mod_alias.so
  12</IfModule>
  13<IfModule !mod_cgi.c>
  14        LoadModule cgi_module modules/mod_cgi.so
  15</IfModule>
  16<IfModule !mod_env.c>
  17        LoadModule env_module modules/mod_env.so
  18</IfModule>
  19<IfModule !mod_rewrite.c>
  20        LoadModule rewrite_module modules/mod_rewrite.so
  21</IFModule>
  22<IfModule !mod_version.c>
  23        LoadModule version_module modules/mod_version.so
  24</IfModule>
  25<IfModule !mod_headers.c>
  26        LoadModule headers_module modules/mod_headers.so
  27</IfModule>
  28
  29<IfVersion < 2.4>
  30LockFile accept.lock
  31</IfVersion>
  32
  33<IfVersion < 2.1>
  34<IfModule !mod_auth.c>
  35        LoadModule auth_module modules/mod_auth.so
  36</IfModule>
  37</IfVersion>
  38
  39<IfVersion >= 2.1>
  40<IfModule !mod_auth_basic.c>
  41        LoadModule auth_basic_module modules/mod_auth_basic.so
  42</IfModule>
  43<IfModule !mod_authn_file.c>
  44        LoadModule authn_file_module modules/mod_authn_file.so
  45</IfModule>
  46<IfModule !mod_authz_user.c>
  47        LoadModule authz_user_module modules/mod_authz_user.so
  48</IfModule>
  49<IfModule !mod_authz_host.c>
  50        LoadModule authz_host_module modules/mod_authz_host.so
  51</IfModule>
  52</IfVersion>
  53
  54<IfVersion >= 2.4>
  55<IfModule !mod_authn_core.c>
  56        LoadModule authn_core_module modules/mod_authn_core.so
  57</IfModule>
  58<IfModule !mod_authz_core.c>
  59        LoadModule authz_core_module modules/mod_authz_core.so
  60</IfModule>
  61<IfModule !mod_access_compat.c>
  62        LoadModule access_compat_module modules/mod_access_compat.so
  63</IfModule>
  64<IfModule !mod_mpm_prefork.c>
  65        LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
  66</IfModule>
  67<IfModule !mod_unixd.c>
  68        LoadModule unixd_module modules/mod_unixd.so
  69</IfModule>
  70</IfVersion>
  71
  72PassEnv GIT_VALGRIND
  73PassEnv GIT_VALGRIND_OPTIONS
  74PassEnv GNUPGHOME
  75PassEnv ASAN_OPTIONS
  76PassEnv GIT_TRACE
  77PassEnv GIT_CONFIG_NOSYSTEM
  78
  79Alias /dumb/ www/
  80Alias /auth/dumb/ www/auth/dumb/
  81
  82<LocationMatch /smart/>
  83        SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
  84        SetEnv GIT_HTTP_EXPORT_ALL
  85</LocationMatch>
  86<LocationMatch /smart_noexport/>
  87        SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
  88</LocationMatch>
  89<LocationMatch /smart_custom_env/>
  90        SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
  91        SetEnv GIT_HTTP_EXPORT_ALL
  92        SetEnv GIT_COMMITTER_NAME "Custom User"
  93        SetEnv GIT_COMMITTER_EMAIL custom@example.com
  94</LocationMatch>
  95<LocationMatch /smart_namespace/>
  96        SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
  97        SetEnv GIT_HTTP_EXPORT_ALL
  98        SetEnv GIT_NAMESPACE ns
  99</LocationMatch>
 100<LocationMatch /smart_cookies/>
 101        SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
 102        SetEnv GIT_HTTP_EXPORT_ALL
 103        Header set Set-Cookie name=value
 104</LocationMatch>
 105<LocationMatch /smart_headers/>
 106        SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
 107        SetEnv GIT_HTTP_EXPORT_ALL
 108</LocationMatch>
 109ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
 110ScriptAlias /broken_smart/ broken-smart-http.sh/
 111ScriptAlias /error/ error.sh/
 112<Directory ${GIT_EXEC_PATH}>
 113        Options FollowSymlinks
 114</Directory>
 115<Files broken-smart-http.sh>
 116        Options ExecCGI
 117</Files>
 118<Files error.sh>
 119  Options ExecCGI
 120</Files>
 121<Files ${GIT_EXEC_PATH}/git-http-backend>
 122        Options ExecCGI
 123</Files>
 124
 125RewriteEngine on
 126RewriteRule ^/dumb-redir/(.*)$ /dumb/$1 [R=301]
 127RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
 128RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
 129RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
 130RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
 131RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
 132
 133RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
 134RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
 135
 136# The first rule issues a client-side redirect to something
 137# that _doesn't_ look like a git repo. The second rule is a
 138# server-side rewrite, so that it turns out the odd-looking
 139# thing _is_ a git repo. The "[PT]" tells Apache to match
 140# the usual ScriptAlias rules for /smart.
 141RewriteRule ^/insane-redir/(.*)$ /intern-redir/$1/foo [R=301]
 142RewriteRule ^/intern-redir/(.*)/foo$ /smart/$1 [PT]
 143
 144# Serve info/refs internally without redirecting, but
 145# issue a redirect for any object requests.
 146RewriteRule ^/redir-objects/(.*/info/refs)$ /dumb/$1 [PT]
 147RewriteRule ^/redir-objects/(.*/objects/.*)$ /dumb/$1 [R=301]
 148
 149# Apache 2.2 does not understand <RequireAll>, so we use RewriteCond.
 150# And as RewriteCond does not allow testing for non-matches, we match
 151# the desired case first (one has abra, two has cadabra), and let it
 152# pass by marking the RewriteRule as [L], "last rule, do not process
 153# any other matching RewriteRules after this"), and then have another
 154# RewriteRule that matches all other cases and lets them fail via '[F]',
 155# "fail the request".
 156RewriteCond %{HTTP:x-magic-one} =abra
 157RewriteCond %{HTTP:x-magic-two} =cadabra
 158RewriteRule ^/smart_headers/.* - [L]
 159RewriteRule ^/smart_headers/.* - [F]
 160
 161<IfDefine SSL>
 162LoadModule ssl_module modules/mod_ssl.so
 163
 164SSLCertificateFile httpd.pem
 165SSLCertificateKeyFile httpd.pem
 166SSLRandomSeed startup file:/dev/urandom 512
 167SSLRandomSeed connect file:/dev/urandom 512
 168SSLSessionCache none
 169SSLMutex file:ssl_mutex
 170SSLEngine On
 171</IfDefine>
 172
 173<Location /auth/>
 174        AuthType Basic
 175        AuthName "git-auth"
 176        AuthUserFile passwd
 177        Require valid-user
 178</Location>
 179
 180<LocationMatch "^/auth-push/.*/git-receive-pack$">
 181        AuthType Basic
 182        AuthName "git-auth"
 183        AuthUserFile passwd
 184        Require valid-user
 185</LocationMatch>
 186
 187<LocationMatch "^/auth-fetch/.*/git-upload-pack$">
 188        AuthType Basic
 189        AuthName "git-auth"
 190        AuthUserFile passwd
 191        Require valid-user
 192</LocationMatch>
 193
 194RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
 195RewriteCond %{REQUEST_URI} /git-receive-pack$
 196RewriteRule ^/half-auth-complete/ - [E=AUTHREQUIRED:yes]
 197
 198<Location /half-auth-complete/>
 199  Order Deny,Allow
 200  Deny from env=AUTHREQUIRED
 201
 202  AuthType Basic
 203  AuthName "Git Access"
 204  AuthUserFile passwd
 205  Require valid-user
 206  Satisfy Any
 207</Location>
 208
 209<IfDefine DAV>
 210        LoadModule dav_module modules/mod_dav.so
 211        LoadModule dav_fs_module modules/mod_dav_fs.so
 212
 213        DAVLockDB DAVLock
 214        <Location /dumb/>
 215                Dav on
 216        </Location>
 217        <Location /auth/dumb>
 218                Dav on
 219        </Location>
 220</IfDefine>
 221
 222<IfDefine SVN>
 223        LoadModule dav_svn_module modules/mod_dav_svn.so
 224
 225        <Location /${LIB_HTTPD_SVN}>
 226                DAV svn
 227                SVNPath "${LIB_HTTPD_SVNPATH}"
 228        </Location>
 229</IfDefine>