Mercurial Apache Web Access Gives Me 403 Forbidden Access

Question

after trying to enable mercurial apache web access on my Ubuntu Server 12.04 box, I've got a 403 Forbidden error when accessing http://my.site.com/mercurial with log:

[Tue Sep 04 01:20:22 2012] [error] [client X.X.X.X] client denied by server configuration: /mercurial/hgweb.cgi

I have added this to /etc/apache2/sites-available/default

    ScriptAliasMatch ^/mercurial(.*) /mercurial/hgweb.cgi$1
    <Directory /var/www/mercurial>
            Options Indexes FollowSymlinks MultiViews ExecCGI
            Options None
            AllowOverride All
            Order allow,deny
            Allow from all
            AuthType Basic
            AuthName "Repositorio Mercurial"
            AuthUserFile /mercurial/hgusers
            Require valid-user
    </Directory>

This is strange, but apache does't asks me for password when trying to access the web server folder

[web] 
style = gitweb

[collections] 
/mercurial/repositories = /mercurial/repositories

/mercurial/hgwebconfig.cgi (on filesystem)

config = "/mercurial/hgweb.config"

I have linked /mercurial to /var/www/mercurial

Any advise will be really appreciated.

Thanks

Is `/mercurial` a filesystem path, or is everything in `/var/www/mercurial`? — Shane Madden, Sep 04 '12 at 04:36
Edited, I have linked /mercurial to /var/www/mercurial on filesystem — razor7, Sep 04 '12 at 12:31

score 0 · Accepted Answer · answered Sep 04 '12 at 16:00

0

Since you're using /mercurial (on the filesystem) as your script root, you need your authorization configuration there instead of on /var/www/mercurial, despite the fact that /mercurial symlinks to /var/www/mercurial. From the documentation of the Options directive:

Even though the server follows the symlink it does not change the pathname used to match against <Directory> sections.

So, move your access controlling <Directory> block to be for /mercurial - and you'll need a FollowSymLinks on / as well. (By the way, why does it have Options None right after the other Options directive?)

The symlink is making this a lot more complicated and confusing than it needs to be - I'd really recommend getting rid of that and using the /var/www/mercurial filesystem path, which will greatly simplify the situation.

answered Sep 04 '12 at 16:00

Shane Madden

112,982
12
174
248

OK, changed directory directive to this ScriptAliasMatch ^/mercurial(.*) /mercurial/hgweb.cgi$1 Options Indexes FollowSymlinks MultiViews ExecCGI AllowOverride All Order allow,deny Allow from all AuthType Basic AuthName "Repositorio Mercurial" AuthUserFile /mercurial/hgusers Require valid-user Also moved /mercurial to /var/www and edited hgweb.copnfig and hgweb.cgi, restarted apache, and got forbidden again – razor7 Sep 04 '12 at 16:33
orry, forgot to mention that i also have edited the line AuthUserFile /var/www/mercurial/hgusers in directory directive – razor7 Sep 04 '12 at 16:34
You'll still need `FollowSymLinks` enabled for `` - please consider getting rid of the symlink mess altogether, it'll make this a lot easier. Mind editing your question with your full current config? – Shane Madden Sep 04 '12 at 16:36

Mercurial Apache Web Access Gives Me 403 Forbidden Access

1 Answers1