SSLRequireSSL for activities requiring password?

From: Toshio <toshio_at_tiki-lounge.com>
Date: 2003-12-08 16:24:56 CET

Hi all,

I set up subversion successfully for the first time on a Fedora-1 box
today but have an apache-subversion config question.

In my apache config I have:

<Location /svn>
   DAV svn
   SVNParentPath /var/lib/svnroot

<LimitExcept GET PROPFIND OPTIONS REPORT>
      # Require SSL connection for password protection.
      SSLRequireSSL
      AuthType Basic
      AuthName "Subversion Authorization Realm"
      AuthUserFile /etc/httpd/subversion-passwd
      Require valid-user
</LimitExcept>
</Location>

which I expected to allow anonymous read access to the repository via
http://localhost/svn/ReposName
and authenticated write to:
https://localhost/svn/ReposName

Instead I am getting PROPFIND 403 Forbidden messages from the client
and access failed: SSL connection required in my apache logs when I try
to use plain http. (https works fine on all fronts.)

Does anyone know if it's expected behavior for SSLRequireSSL to
disregard <LimitExcept>? Should I really be asking this on a mod_ssl
list? (Also -- is it silly of me to want to have identical paths for
unauthenticated and authenticated repository access? Is best practice
to have two entirely separate repositories?)

Many thanks,
Toshio

-- 
Toshio <toshio@tiki-lounge.com>

application/pgp-signature attachment: This is a digitally signed message part

Received on Mon Dec 8 16:25:46 2003

This message: [ Message body ]
Next message: Michael Wood: "Re: post commit hook and smtp authentication"
Previous message: Julian Foad: "Re: server hooks for post-commit metadata modifications?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]