My organisation is trying to block 'git push' to repositories on sites like Github, Gitlab etc. Currently they have blocked the website, however users are still able to clone and push code via git. Git protocol uses port 9418, however the URL to clone uses https or SSH protocol. How can we block just push, or push and clone for Github while keeping the website running as vital documentation is published on Github.com.
Asked
Active
Viewed 475 times
0
-
1https - transparant proxy and block by url, headers, ssh - block by dst ip and dst port – gapsf Sep 28 '22 at 15:56
-
https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols – gapsf Sep 28 '22 at 16:08
-
Did you managed to block it? – Krunal Apr 19 '23 at 12:55
-
See answer below @Krunal – Birla May 29 '23 at 07:22
1 Answers
0
We achieved this be not allowing users to login into Github thereby removing any possibilities of them pushing code to Github. The pull works for public repositories, but not for private as that would require them to login to Github as well.
In the end, we have 3 levels of Github access in the ORG:
- Github is blocked (no access to the website and Git protocol)
- Github is unblocked, but login URLs are blocked (can't push, but can pull public repos).
- Github and its login URLs are unblocked (can push, and pull from public and private repositories).
Birla
- 130
- 5
-
Thanks for sharing that. Can you please add more details on how did you implemented it? Using firewall or something else? What URLs you blocked for blocking login? – Krunal May 29 '23 at 10:18