Approach to restrict repository deletion in Bitbucket server through HAProxy load balancer

Jira Support March 31, 2021

Environment : Bitbucket Version - 5.16.0, HAProxy Load Balancer - 1.5.18
Requirement : Restrict deletion of repository from Bitbucket server and display an appropriate error message stating that the "User does not have delete permissions" with error code 403.
We have the HAProxy configured as Load balancer which will redirect the requests to Bitbucket servers.
Options tried on HAProxy server:

Edited the haproxy.cfg file as below :


Option 1:

frontend web-frontend
    bind *:80
    mode http
    option httplog
    capture request header X-Forwarded-For len 15
    acl url_check path_reg \/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$
    acl method_check method DELETE
    use_backend bitbucket_del_repo_error if url_check method_check

frontend webhttps-frontend
    bind *:443 ssl crt /etc/ssl/agile-test.pem
    mode http
    option httplog
    capture request header X-Forwarded-For len 15
    acl url_check path_reg \/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$
    acl method_check method DELETE
    use_backend bitbucket_del_repo_error if url_check method_check

backend bitbucket_del_repo_error
    mode http
    errorfile 403 /var/www/403.http
    errorfile 503 /var/www/503.http

Option 2: To display the custom error page through HAProxy, tried the following types of displaying the custom error file present in the HAProxy server
1. http-request deny if url_check method_check
2. block if url_check method_check
3. http-request redirect code 403 location /var/www/403uri.http if url_check method_check
4. redirect location /var/www/403uri.http if url_check method_check

However, when we try to delete the Bitbucket repository through POSTMAN, using the following URL, a proper error page with error code (403 - forbidden) is displayed as the response in POSTMAN.
URL tried is : https://<bitbucket-host>/projects/<project-key>/repos/<repository-name>

But when we click on "Delete Repository" button in the repository settings page, a popup window appears asking if you really want to delete. If we click Yes/Delete option, we get the following error message "Something went wrong while trying to serve your request. Try reloading the page"

Questions:
1. Are we following the proper approach for restricting repository deletion through HAProxy load balancer?
2. Is there any other approach to restrict the repository deletion from Bitbucket server and display a proper error message?
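
A coverage check for the `url_check` / `method_check` ACL pair from the question, as an added example that is not part of the original post: it replays the `path_reg` pattern with Python's `re` against constructed request paths to show which DELETE requests the rule would and would not catch. Assumptions: Python's `re` behaves like HAProxy's regex engine for this pattern, and `REPO_ROOT`, the function names, and the sample keys, slugs and paths are made up for illustration.

```python
import re

# Pattern copied verbatim from the `acl url_check path_reg ...` line in the question.
URL_CHECK = re.compile(r"\/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$")

# Hypothetical broader pattern (an assumption, not from the post): any request
# whose last path segments are /projects/<anything>/repos/<anything>.
REPO_ROOT = re.compile(r"/projects/[^/]+/repos/[^/]+$")


def would_block(method, path):
    """Mirror `if url_check method_check`: both ACLs must be true."""
    return method == "DELETE" and URL_CHECK.search(path) is not None


def uncovered(samples):
    """Paths of DELETE requests to a repository root that the rule lets through."""
    return [
        path
        for method, path in samples
        if method == "DELETE" and REPO_ROOT.search(path) and not would_block(method, path)
    ]


# Constructed sample requests; project keys and repository slugs are made up.
SAMPLES = [
    ("DELETE", "/projects/PROJ/repos/demo"),
    ("DELETE", "/rest/api/1.0/projects/PROJ/repos/demo"),
    ("DELETE", "/projects/PROJ/repos/my-repo"),
    ("DELETE", "/projects/PROJ2/repos/demo"),
    ("DELETE", "/projects/PROJ/repos/demo_v1.2"),
    ("GET", "/projects/PROJ/repos/demo"),
]

if __name__ == "__main__":
    for method, path in SAMPLES:
        verdict = "bitbucket_del_repo_error" if would_block(method, path) else "passed to Bitbucket"
        print(f"{method:6} {path:45} -> {verdict}")
    print("not covered:", uncovered(SAMPLES))
```

Any path reported as not covered means the character classes in `url_check` are narrower than the names in use, so the rule should be run against the instance's real project keys and repository slugs before it is relied on.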

1 answer

1 vote
Kurt Klinner
March 31, 2021

@Jira Support

Any options to upgrade your BB instance?

https://confluence.atlassian.com/bitbucketserver/bitbucket-server-7-4-release-notes-1013849643.html starting with 7.4 you have the option (at least in DC) to control who is able to delete repos

In case of an older version you might want to check the comments in https://jira.atlassian.com/browse/BSERV-10718

Hope that helps
