private http repository

[Bill Barry]

That is essentially what I am doing...
2 physical directories mapped to seperate urls in apache:

ScriptAliasMatch    ^/pub(.*) /var/hg/pub/hgwebdir.cgi$1
<Directory /var/hg/pub>
  Options ExecCGI FollowSymLinks

  AuthType  Basic
  AuthName "repository"
  AuthUserFile /var/authentication/users.list
  <LimitExcept GET>
    Require valid-user
  </LimitExcept>
</Directory>

ScriptAliasMatch    ^/hg(.*) /var/hg/priv/hgwebdir.cgi$1
<Directory /var/hg/priv>
  Options ExecCGI FollowSymLinks

  AuthType  Basic
  AuthName "repository"
  AuthUserFile /var/authentication/company_users.list
  Require valid-user
</Directory>

Giorgos Keramidas wrote:
> On Thu, 19 Jun 2008 12:45:02 +0200, "hg user" <mercurialuser at gmail.com> wrote:
>   
>> Good morning,
>> I just created a mercurial http server using hgwebdir.cgi for publishing
>> several projects.
>>
>> Some are public (open-source) and have "allow_push = (userlist)", some
>> should be private. Using <Location> directive in the apache configuration
>> I'm able to have a password requested also for GET access....
>>
>> Now the question:
>> I need to hide some repositories, not just asking a password... they
>> shouldn't be listed (security by obscurity....)
>>
>> I tried the [paths] way but it doesn't work....
>>
>> I believe the only way is to create a new alias ( from /hg/
>> to... /myhg/ and having a new copy of hgwebdir.cgi and
>> hgwebdir.conf....) and protect /myhg/ with password...
>>     
>
> Two paths would be ok, I guess:
>
>     http://hg.server.org/hg/public/{public repositories here}
>     http://hg.server.org/hg/private/{'secret' repositories here}
>
> _______________________________________________
> Mercurial mailing list
> Mercurial at selenic.com
> http://selenic.com/mailman/listinfo/mercurial
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://selenic.com/pipermail/mercurial/attachments/20080619/4e0e0b4c/attachment.htm