#
#	Web server configuration for LXR root directory
#	From thr LXR Installation with restrictions to prevent all 
#	users from accessing LXR
#
#	$Id: htaccess-generic,v 1.9 2014/03/10 16:40:27 ajlittoz Exp $
#
#	Content of this file is independent of the location of
#	the LXR root directory.
#	Need for user-customization should be very limited.
#	Eventually, access to LXR root directory can be relaxed.
#	Default is very restrictive.
#
# Cannot grant Apache 2.2/2.4 implicit compatibility because Require
# directive syntax and semantics changed between releases.
# When updating 2.2 -> 2.4, uncomment 2.4 specific lines


# Enable CGI script execution and use of symlinks
Options ExecCGI FollowSymlinks

		# up to Apache 2.2
#	Order deny,allow
		# from Apache 2.4
#	No directive needed


# =================================================
#
# -----------    Access restrictions    -----------
#

# Do not allow to list directories content
# NOTE: remove - sign when debugging LXR installation so that you
#		can see what's really in the directories.
Options -Indexes

# Forbid direct access to any file in LXR root and its subdirectories
<FilesMatch ".">
		# up to Apache 2.2
#	Deny from all
		# from Apache 2.4
	Require all denied
</FilesMatch>

# But allow access to style sheets
<FilesMatch "\.css$">
		# up to Apache 2.2
#	Allow from all
		# from Apache 2.4
	Require all granted
</FilesMatch>
# and graphic files (for icons)
<FilesMatch "\.(bmp|gif|icon?|jpe?g|png|svg|tiff?)$">
		# up to Apache 2.2
#	Allow from all
		# from Apache 2.4
	Require all granted
</FilesMatch>
# VIX - Allow access to test file so that Release Manager Web Server
#       can probe for LXR access
<Files "source.test">
	Require all granted
</Files>

# =================================================
#
# ----------- LXR scripts configuration -----------
#
#
<Files ~ (search|source|ident|diff|showconfig)$>
		# up to Apache 2.2
#	Allow from all
		# from Apache 2.4
	#Require all granted
	# VIX - Limit access to Domain Users eho are also members of the
	#       svn.perdev group
	#
	#	Access granted to everybody
        <RequireAll>
                AuthLDAPBindDN "CN=ldap.buildsystem,DC=vix,DC=local"
                AuthLDAPBindPassword VixPass.2016
                AuthLDAPURL ldap://10.0.0.10:389/DC=vix,DC=local?sAMAccountName?sub?(objectClass=*)

                AuthType Basic
                AuthName "VIX Realm"
                AuthBasicProvider ldap

                AuthLDAPGroupAttributeIsDN on
                AuthLDAPGroupAttribute member
                require ldap-group CN=svn.perdev,OU=Groups,DC=vix,DC=local
        </RequireAll>
	 # End VIX insert

	# *** mod_perl use ***
	<IfModule mod_perl.c>
		SetHandler perl-script

		# Configuration parameters changed between mod_perl versions:
		<IfDefine MODPERL2>
			PerlOptions +ParseHeaders
		# Apache can dispatch execution according to 2 modes.
		# mod_perl initialization differs slightly:
			<IfModule prefork.c>
				PerlHandler ModPerl::RegistryPrefork
			</IfModule>
			<IfModule worker.c>
				PerlHandler ModPerl::Registry
			</IfModule>
		</IfDefine>

		<IfDefine !MODPERL2>
			PerlSendHeader On
			PerlHandler Apache::Registry
		</IfDefine>

	</IfModule>

	# *** CGI use ***
	<IfModule !mod_perl.c>
		SetHandler cgi-script
	</IfModule>

</Files>