Merge branch 'kb/full-history-compute-treesame-carefully-2'
[gitweb.git] / Documentation / git-http-backend.txt
index cad18ceb9dcb14b4ef2cc7871ffa0ae0205c07cd..e3bcdb50e30ea984cb8ae842df0cf1e561e32a62 100644 (file)
@@ -80,7 +80,30 @@ ScriptAlias /git/ /usr/libexec/git-core/git-http-backend/
 ----------------------------------------------------------------
 +
 To enable anonymous read access but authenticated write access,
-require authorization with a LocationMatch directive:
+require authorization for both the initial ref advertisement (which we
+detect as a push via the service parameter in the query string), and the
+receive-pack invocation itself:
++
+----------------------------------------------------------------
+RewriteCond %{QUERY_STRING} service=git-receive-pack [OR]
+RewriteCond %{REQUEST_URI} /git-receive-pack$
+RewriteRule ^/git/ - [E=AUTHREQUIRED:yes]
+
+<LocationMatch "^/git/">
+       Order Deny,Allow
+       Deny from env=AUTHREQUIRED
+
+       AuthType Basic
+       AuthName "Git Access"
+       Require group committers
+       Satisfy Any
+       ...
+</LocationMatch>
+----------------------------------------------------------------
++
+If you do not have `mod_rewrite` available to match against the query
+string, it is sufficient to just protect `git-receive-pack` itself,
+like:
 +
 ----------------------------------------------------------------
 <LocationMatch "^/git/.*/git-receive-pack$">
@@ -207,13 +230,6 @@ auth.require = (
 # ...and set up auth.backend here
 ----------------------------------------------------------------
 +
-Note that unlike the similar setup with Apache, we can easily match the
-query string for receive-pack, catching the initial request from the
-client. This means that the server administrator does not have to worry
-about configuring `http.receivepack` for the repositories (the default
-value, which enables it only in the case of authentication, is
-sufficient).
-+
 To require authentication for both reads and writes:
 +
 ----------------------------------------------------------------