Toby Johnson wrote:
> Robin Becker wrote:
>
......
> Probably your biggest problem here is the fact that ssl.conf isn't
> really a separate configuration file that Apache uses for only https.
> Rather, it gets wholly included into httpd.conf at startup. Look for a
> line like "Include conf.d/*.conf" in httpd.conf; in effect, that line
> gets replaced with the contents of all .conf files in the conf.d
> directory. Some Linux distros do this to make managing httpd-specific
> packages easier (they can just create the .conf files they need instead
> of editing the monolithic httpd.conf), but I always find it annoying and
> just make one httpd.conf with all my settings, and remove the "Include"
> line.
>
> So, your general "Location /svn" block is getting wiped out by the more
> specific "Location /svn/public" block for ALL requests, whether http or
> https. I believe the way to achieve what you want is to create two
> separate <VirtualHost> blocks. They can both use the same IP, but
> different ports (80 and 443 for http and https, respectively).
>
> <VirtualHost 10.1.2.3:80>
> DocumentRoot /www/docs/host.foo.com
> ServerName host.foo.com
> ....
>
> <VirtualHost 10.1.2.3:443>
> DocumentRoot /www/docs/host.foo.com
> ServerName host.foo.com
> SSLEngine on
> ....
..... I think you may be right about the /svn/public vs /svn; however, my
ssl.conf stuff is inside a virtual host.
I have a 'solution' as follows:
httpd.conf
<Location /svn>
DAV svn
SVNParentPath /svn
Satisfy Any
AuthzSVNAccessFile /HTTPD/etc/svn_access
AuthType Basic
AuthName "Subversion Repository"
# TRICK to fail all users
AuthUserFile /dev/null
Require valid-user
</Location>
ssl.conf
<Location /svn>
DAV svn
SVNParentPath /svn
AuthzSVNAccessFile /HTTPD/etc/svn_access
Satisfy Any
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /HTTPD/etc/passwd
Require valid-user
</Location>
Now both http and https have similar setups, but no password can be successful for
the http route; both http and https can read the public repository without a
password, but anything that requires a password fails under http and may succeed
via https. I would prefer that the http password requests should fail
immediately, but am unable to see a way to prevent read access to
http://host/svn/private without using the AuthzSVNAccessFile.
--
Robin Becker
Received on Thu Jun 10 13:54:37 2004
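Added example, not written by either poster: with the AuthUserFile /dev/null arrangement the http side still answers protected paths with a Basic challenge, so a client sends its password unencrypted before being refused. The sketch below uses the two-VirtualHost layout suggested in the quoted reply and configures no authentication at all on port 80, so mod_authz_svn answers anonymous-denied paths with 403 and no password prompt. It assumes there is no server-level <Location /svn> outside the virtual hosts; the IP, host name and file paths are the ones from the thread, and the certificate paths are placeholders.

```apache
# Plain http: anonymous access only.
# No AuthType / Require here, so the server never issues a Basic challenge
# and no client is prompted to send a password in clear text.
# mod_authz_svn alone decides from svn_access: paths readable by "*" are
# served, everything else is refused with 403 Forbidden.
<VirtualHost 10.1.2.3:80>
    ServerName host.foo.com

    <Location /svn>
        DAV svn
        SVNParentPath /svn
        AuthzSVNAccessFile /HTTPD/etc/svn_access
    </Location>
</VirtualHost>

# https: anonymous where svn_access allows it, Basic auth for the rest.
# "Satisfy Any" lets a request through on the anonymous check alone; when
# that check fails the client is challenged, and the password travels only
# inside the TLS session.
<VirtualHost 10.1.2.3:443>
    ServerName host.foo.com
    SSLEngine on
    # Placeholder certificate paths
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    <Location /svn>
        DAV svn
        SVNParentPath /svn
        AuthzSVNAccessFile /HTTPD/etc/svn_access
        Satisfy Any
        Require valid-user
        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /HTTPD/etc/passwd
    </Location>
</VirtualHost>
```

Both virtual hosts read the same svn_access file, so whatever that file grants to "*" is what stays reachable over plain http.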