New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Personal repositories are not accessible via mod_proxy #489

Closed
gitblit opened this Issue Aug 12, 2015 · 2 comments

Comments

Projects
None yet
1 participant
@gitblit
Owner

gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 193

What steps will reproduce the problem?
1. Create a personal repository (I forked an existing repository)
2. Access the personal repository directly via the HTTP connector, notice this works
3. Access the personal repository via an Apache mod_proxy setup, notice that this fails

What is the expected output? What do you see instead?

The URL produced by gitblit appears to have URI encoded the slash between ~user and
the repository name.

e.g.:

~/user%2Frepo.git Succeeds direct to gitblit, fails via Apache
~/user/repo.git Fails direct and via Apache

The error message from Apache when accessing ~/user%2Frepo.git reports ~/user/repo.git
as not being found, indicating it is decoding the %2F prior to passing it on.

What version of the product are you using? On what operating system?

Gitblit GO 1.2.1 ...

Please provide any additional information below.

URI encoded URI parts (e.g. / to %2F) are problematic for many web servers and proxy
agents (e.g. mod_jk etc.), and many will aggressively decode or block such URIs to
combat URI traversal attacks. Avoiding them would be a good idea.

Reported by ultradodge on 2013-01-31 21:18:59

@gitblit

This comment has been minimized.

Owner

gitblit commented Aug 12, 2015

The FAQ appears to address this - setting web.forwardSlashCharacter = ! avoids the problem.

Reported by ultradodge on 2013-01-31 21:38:06

@gitblit

This comment has been minimized.

Owner

gitblit commented Aug 12, 2015

Yup.  Proxies and Tomcat are both problematic for embedded forward slashes.

Reported by James.Moger on 2013-01-31 21:43:11

  • Status changed: Duplicate

@gitblit gitblit closed this Aug 12, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment