Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Approach to restrict repository deletion in Bitbucket server through HAProxy load balancer

Edited

Environment : Bitbucket Version - 5.16.0, HAProxy Load Balancer - 1.5.18
Requirement : Restrict deletion of repository from Bitbucket server and display an appropriate error message stating that the "User does not have delete permissions" with error code 403.
We have the HAProxy configured as Load balancer which will redirect the requests to Bitbucket servers.
Options tried on HAProxy server:

Edited the haproxy.cfg file as below :


Option 1:

frontend web-frontend
bind *:80
mode http
option httplog

capture request header X-Forwarded-For len 15
acl url_check path_reg \/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$
acl method_check method DELETE
use_backend bitbucket_del_repo_error if url_check method_check


frontend webhttps-frontend
bind *:443 ssl crt /etc/ssl/agile-test.pem
mode http

option httplog
capture request header X-Forwarded-For len 15
acl url_check path_reg \/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$
acl method_check method DELETE
use_backend bitbucket_del_repo_error if url_check method_check

backend bitbucket_del_repo_error
mode http
errorfile 403 /var/www/403.http
errorfile 503 /var/www/503.http

Option 2: To display the custom error page through HAProxy, tried the tollowing types of displaying the custom error file present in the HAProxy server
1. http-request deny if url_check method_check
2. block if url_check method_check
3. http-request redirect code 403 location /var/www/403uri.http if url_check method_check
4. redirect location /var/www/403uri.http if url_check method_check

However, when we try to delete the Bitbucket repository through POSTMAN, using the following URL, a proper error page with error code (403 - forbidden) is displayed as the response in POSTMAN.
URL tried is : https://<bitbucket-host>/projects/<project-key>/repos/<repository-name>

But when we click on "Delete Repository" button in the repository settings page, a popup window appears asking if you really want to delete. If we click Yes/Delete option, we get the following error message "Something went wrong while trying to serve your request. Try reloading the page"

Questions:
1. Are we following the proper approach for restricting repository deletion through HAProxy load balancer?
2. Is there any other approach to restrict the repository deletion from Bitbucket server and display a proper error message?

1 answer

@Jira Support 

 

Any options to upgrade your BB instance.

https://confluence.atlassian.com/bitbucketserver/bitbucket-server-7-4-release-notes-1013849643.html staring with 7.4 you have the option (at least in DC) to control who is able to delete repos

 

In case of older version you might want to check the comments in https://jira.atlassian.com/browse/BSERV-10718

 

Hope that helps

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

New improvements to user management in Bitbucket Cloud 👥

Hey Community! We’re willing to wager that quite a few of you not only use Bitbucket, but administer it too. Our team is excited to share that we’ll be releasing improvements throughout this month of...

3,792 views 10 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you