On 21.05.2012 23:00, Tony Stevenson wrote:
> Earlier today I was asked to open a few children from a repo that is essentially closed by default.
> Some background information:
> This setup allows commits only via an https vhost, and this is working perfectly. The http vhost is configured to not allow read-only access to the entire repo (as is the case with the main ASF repo).
> We are running apache httpd 2.2, and subversion 1.7 - from ubuntu apt repos.
> REPOROOT = /x1/source.caret.cam.ac.uk/repos/svn
> WEBROOT = http://source.caret.cam.ac.uk/svn/
> PUBLICCHILD = http://source.caret.cam.ac.uk/svn/projects/talks.cam/
> We do not want to make the webroot publicly readable, but we did want to make publicchild publicly readable. The only way I could make this happen, was to use the config below. Basically we had to allow "GET OPTIONS PROPFIND REPORT" for the WEBROOT. You can see, that we then do go on to explicitly deny all but a couple of options to prevent listing the entire repo.
> With this it seems that dav_svn needs access to the root of the repo to be able to list contents of child folders.
> If we take away "GET REPORT" from WEBROOT, and then go to PUBLIC child it will display an empty folder. But you can enter the name of a subfolder in the browser, and that will also open, again with no contents.
So ... if I understand what you're trying to do: you want to publish the
contents of a subtree in the repo as a "web site", not as a read-only
SVN repository, yes? Because you can get the latter with Subversion's
access control configuration.
In that case, hide the read-only repository location in a localhost
vhost, then on the public IP, just create a proxy that forwards GET to a
subset of that.
Received on 2012-05-25 08:59:28 CEST
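
A sketch of the layout suggested in the reply, for Apache httpd 2.2. This is an added example, not configuration posted by either participant; the backend port 8080 and the assumption that mod_dav_svn, mod_proxy and mod_proxy_http are loaded are not from the thread.

```apache
# Added example. Assumes mod_dav, mod_dav_svn, mod_proxy and mod_proxy_http
# are loaded. Port 8080 is a constructed choice for the private backend.
Listen 127.0.0.1:8080

# Backend vhost: serves the whole repository, but is bound to loopback only,
# so it is never reachable from the public interface.
<VirtualHost 127.0.0.1:8080>
    ServerName localhost
    <Location /svn>
        DAV svn
        SVNPath /x1/source.caret.cam.ac.uk/repos/svn
        # Read-only: refuse every method other than the ones needed for reads.
        # Commits continue to go through the separate https vhost.
        <LimitExcept GET OPTIONS PROPFIND REPORT>
            Order deny,allow
            Deny from all
        </LimitExcept>
    </Location>
</VirtualHost>

# Public http vhost: no DAV configuration here at all. Only the one subtree
# is mapped to the backend, so the repository root is not exposed.
<VirtualHost *:80>
    ServerName source.caret.cam.ac.uk
    ProxyRequests Off
    ProxyPass        /svn/projects/talks.cam/ http://127.0.0.1:8080/svn/projects/talks.cam/
    ProxyPassReverse /svn/projects/talks.cam/ http://127.0.0.1:8080/svn/projects/talks.cam/
    <Location /svn/projects/talks.cam/>
        # Forward plain browsing only (GET, which also covers HEAD);
        # PROPFIND and REPORT never reach the backend.
        <LimitExcept GET>
            Order deny,allow
            Deny from all
        </LimitExcept>
    </Location>
</VirtualHost>
```

After a reload, a GET for a path outside `/svn/projects/talks.cam/` on the public vhost should not be proxied, and a PROPFIND on the public subtree should be refused; both are worth checking by hand before relying on the setup.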