Separate security directives for each repository in hgweb and Apache

Question

I have several Mercurial repositories published using hgweb and secured with Apache 2.2

Is there any way to have multiple security configurations?

I'd like to have a default configuration for most repositories, and then separate configurations for specific repositories.

The httpd.conf file looks like this

WSGIScriptAlias /hg "C:/hg/hgweb/hgweb.wsgi"

<Directory "/hg/repo_one">
    Order deny,allow
    AuthType Basic
    AuthName "R1 Secure Area"
    AuthBasicProvider file 

    AuthUserFile c:/apache2.2/repo_one.pwd
    Require valid-user
</Directory>

<Directory "/hg">
    Order deny,allow
    AuthType Basic
    AuthName "Secure Area"
    AuthBasicProvider file 

    AuthUserFile c:/apache2.2/passwords
    Require valid-user
</Directory>

Answer 1

Here's what I did to get this working.

I moved the repository that needed separate security into its own directory that was a siblng, not a child, and made a copy of the hgweb.wsgi.

My directory structure now looks like this

c:\hg-pub\hgweb.wsgi
c:\hg-pub\hgweb.config
c:\hg-pub\repo-one\.hg
...
c:\hg\hgweb.wsgi
c:\hg\hgweb.config
c:\hg\repo-two\.hg
c:\hg\repo-three\.hg

And my httpd.conf file looks like this

WSGIScriptAlias /hg "C:/hg/hgweb.wsgi"
WSGIScriptAlias /pub/hg "C:/hg-pub/hgweb.wsgi"

<Directory "C:/hg-pub">
    Order deny,allow
    AuthType Basic
    AuthName "R1 Secure Area"
    AuthBasicProvider file 

    AuthUserFile c:/apache2.2/repo_one.pwd
    Require valid-user
</Directory>

<Directory "C:/hg">
    Order deny,allow
    AuthType Basic
    AuthName "Secure Area"
    AuthBasicProvider file 

    AuthUserFile c:/apache2.2/passwords
    Require valid-user
</Directory>

The important things to note are

1. The two repository locations are completely separate on disk
2. The two WSGIScriptAlias paths are completely independent