Re: [users@httpd] a rather tricky mod_rewrite problem?

Sun, 16 Nov 2008 14:25:23 -0800 

[EMAIL PROTECTED] wrote:

RewriteCond %{REMOTE_USER} ^([a-z0-9_]+)$
RewriteRule ^/mysvn/(.*) /svn/%1/$1 [L]

The first line places a valid username into %1.
The second rewrites "/mysvn/something" to "/svn/bob/something" when
the REMOTE_USER is "bob".
Invalid usernames will not pass the condition so "/mysvn" should
display an error or login page when the Rewrite is bypassed.

solprovider

So far I've done this:

<Location /svn>
        RewriteEngine on
        RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 [PT]
        AuthType Basic
        AuthName "SVN repos"
        AuthUserFile /var/svn/svnauth
        Require Valid-User
</Location>

<Location /svn-repo>
        ## Here so the RewriteRule is executed BEFORE the SVN is loaded?
        DAV svn
        SVNParentPath /var/svn/
</Location>
Its a hack, but my problem arises that anyone can browse anyone's svn repo if they know that /svn-repo/xxx/ exists. I considered adding this to /svn-repo/: 
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/ [OR]
        RewriteCond %{REQUEST_URI} =/svn-repo/ [OR]
        RewriteCond %{REQUEST_URI} !/svn-repo/%{REMOTE_USER}/.*
        RewriteRule %{REQUEST_URI} /svntroll/ [G]

but it never executes... dav_svn comes in //before// rewrite.
/svntroll/ contains a simple page saying "dont do that, go to /svn/!"
My other idea though is to make it so that /svn-repo handles the authentication, and in Require: its the name of the user (ie the call comes in for /svn-repo/bob/, it does a require-user: bob) 

I would implement this using the following:
<Location /svn-repo>
        AuthType Basic
        AuthName "SVN Repos"
        AuthUserFile /var/svn/svnauth
        Require %{REMOTE_USER}

        DAV svn
        SvnParentPath /var/svn/
</Location>
<Location /svn>
        RewriteEngine on
RewriteRule /svn/(.*)$ /svn-repo/%{REMOTE_USER}/$1 ([PT]? -- any other options?) 
        AuthType Basic
        AuthName "SVN Repos"
        AuthUserFile /var/svn/svnauth
        Require Valid-User
</Location>

Would this work? or would the realm problem exist?

-Morgan Gangwere


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to