Environment : Bitbucket Version - 5.16.0, HAProxy Load Balancer - 1.5.18
Requirement : Restrict deletion of repository from Bitbucket server and display an appropriate error message stating that the "User does not have delete permissions" with error code 403.
We have the HAProxy configured as Load balancer which will redirect the requests to Bitbucket servers.
Options tried on HAProxy server:
Edited the haproxy.cfg file as below :
Option 1:
frontend web-frontend
    bind *:80
    mode http
    option httplog
    capture request header X-Forwarded-For len 15
    acl url_check path_reg \/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$
    acl method_check method DELETE
    use_backend bitbucket_del_repo_error if url_check method_check
frontend webhttps-frontend
    bind *:443 ssl crt /etc/ssl/agile-test.pem
    mode http
    option httplog
    capture request header X-Forwarded-For len 15
    acl url_check path_reg \/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$
    acl method_check method DELETE
    use_backend bitbucket_del_repo_error if url_check method_check
backend bitbucket_del_repo_error
    mode http
    errorfile 403 /var/www/403.http
    errorfile 503 /var/www/503.http
Option 2: To display the custom error page through HAProxy, tried the following ways of displaying the custom error file present on the HAProxy server:
1. http-request deny if url_check method_check
2. block if url_check method_check
3. http-request redirect code 403 location /var/www/403uri.http if url_check method_check
4. redirect location /var/www/403uri.http if url_check method_check
However, when we try to delete the Bitbucket repository through POSTMAN, using the following URL, a proper error page with error code (403 - forbidden) is displayed as the response in POSTMAN.
URL tried is : https://<bitbucket-host>/projects/<project-key>/repos/<repository-name>
But when we click on "Delete Repository" button in the repository settings page, a popup window appears asking if you really want to delete. If we click Yes/Delete option, we get the following error message "Something went wrong while trying to serve your request. Try reloading the page"
Questions:
1. Are we following the proper approach for restricting repository deletion through HAProxy load balancer?
2. Is there any other approach to restrict the repository deletion from Bitbucket server and display a proper error message?
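An added example, not part of the original post: a coverage check for the url_check / method_check ACL pair above, run over constructed request lines to show which repository paths the rule denies and which it lets through. The sample project keys and slugs are made up, and the loose "repository root" pattern used to flag gaps is an assumption for illustration, not a statement of what Bitbucket accepts.

```python
import re

# ACL pattern copied from the haproxy.cfg in the post. path_reg is an
# unanchored, case-sensitive regex search over the URL path only.
URL_CHECK = re.compile(r"\/projects\/([A-Za-z]+)\/repos\/([A-Za-z0-9]+)$")

# Assumption: a deliberately loose idea of "this path names a repository root".
REPO_ROOT = re.compile(r"/projects/[^/]+/repos/[^/]+/?$")


def url_path(url):
    """HAProxy's 'path' fetch stops at the '?', so drop the query string."""
    return url.split("?", 1)[0]


def would_block(method, url):
    """Emulate 'if url_check method_check' for one request."""
    return method == "DELETE" and URL_CHECK.search(url_path(url)) is not None


# Constructed sample requests.
SAMPLES = [
    ("DELETE", "/projects/PROJ/repos/myrepo"),
    ("DELETE", "/rest/api/1.0/projects/PROJ/repos/myrepo"),
    ("DELETE", "/projects/PROJ/repos/myrepo?x=1"),
    ("DELETE", "/projects/PROJ/repos/my-repo"),       # hyphen in slug
    ("DELETE", "/projects/PROJ/repos/my_repo.old"),   # underscore and dot
    ("DELETE", "/projects/PROJ1/repos/myrepo"),       # digit in project key
    ("DELETE", "/projects/PROJ/repos/myrepo/"),       # trailing slash
    ("DELETE", "/projects/PROJ/repos/myrepo/branches"),
    ("GET", "/projects/PROJ/repos/myrepo"),
]


def gaps(samples=SAMPLES):
    """DELETE requests that look like a repository root but are not denied."""
    return [
        url for method, url in samples
        if method == "DELETE"
        and REPO_ROOT.search(url_path(url))
        and not would_block(method, url)
    ]


if __name__ == "__main__":
    for method, url in SAMPLES:
        verdict = "deny" if would_block(method, url) else "pass"
        print(f"{verdict:4}  {method:6} {url}")
    print("not covered by the ACL:", gaps())
```

Any path reported as not covered would need the character classes in url_check widened before the rule can be relied on as a deletion control.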
Any options to upgrade your BB instance?
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-7-4-release-notes-1013849643.html starting with 7.4 you have the option (at least in DC) to control who is able to delete repos
In case of older version you might want to check the comments in https://jira.atlassian.com/browse/BSERV-10718
Hope that helps