Skip to content

Apache ProxyPass exclusion for the uploads #10

Closed
schwindelbub opened this Issue Sep 24, 2012 · 4 comments

5 participants

@schwindelbub

The uploads should not be served through the proxy.

#serve the uploads without proxy
ProxyPass /uploads !
@maquefel
maquefel commented Nov 2, 2012

Apache2 2.2.22

<Location /uploads>
        Order allow,deny
        Allow from all
</Location>
@nickbroon

In a production environment, the same is also the case with /assets as rails will not server these.

@mediarox
mediarox commented Feb 8, 2013

In my case i must added

ProxyPass /uploads !

and

<Directory /absolute/path/to/gitlab/uploads>
    Order allow,deny
    Allow from all
</Directory>

to my vhost file. Note that the <Directory>-directive only accept absolute paths.

The <Location> -directive is also an alternative, but the Apache documentation Link says is not recommended for files that are within the document root.

Apache/2.2.23

@axilleas axilleas added a commit that referenced this issue Aug 5, 2013
@axilleas axilleas Enhance existing apache config. Implement #50, #79, #93. Fix #10
Beware that adding `ProxyPass /uploads !` would be a security issue,
since uploads are publicly available without any authentification by default.

See: gitlabhq/gitlabhq#348 (comment)
be95bd4
@axilleas
GitLab member
axilleas commented Aug 5, 2013

Implemented in above commit!

@axilleas axilleas closed this Aug 5, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.