Danny MacMillan wrote:
> Hi,
>
> I have a Subversion 1.3.0 repository being served up by Apache 2.0 on a
> FreeBSD 6.0-RELEASE-p6 machine. All software was installed from ports.
> I have made the repository available only through SSL, and only to
> authenticated users. I am experiencing strange behaviour when viewing
> the repository using a web browser.
>
> If I browse to the repository at the following URL:
>
> https://dev.example.com/projectname/svn
>
> I am prompted for credentials. So far so good. When I actually supply
> those credentials, though, the address bar changes to contain the
> following URL:
>
> http://dev.example.com/projectname/svn/
>
> Since I have 'SSLRequireSSL' in my apache config, this results in a
> 403 - Forbidden http response.
>
> If I instead browse to the following URL (in a new browser instance):
>
> https://dev.example.com/projectname/svn/
>
> I am prompted for credentials, and when I authenticate it works as
> expected. The only difference between the working and the non-working
> URLs is the trailing slash.
Yup, here comes the problem :-)
> My biggest concern here is that I have supplied credentials to an SSL
> encrypted site, but it looks like it is redirecting to an unencrypted
> site and it could be (and probably is) sending my credentials in the
> clear. Why is it doing this?
>
> Here are the relevant portions of my apache config. If something else
> is relevant and I didn't supply it, please let me know:
>
> <Location /projectname/svn>
> DAV svn
>
> # "/projectname/svn" URL will map to a repository /devroot/projectname/svn
> SVNPath /devroot/projectname/svn
>
> # Style the output.
> SVNIndexXSLT "/svnindex.xsl"
>
> # Connections must be made through SSL.
> SSLRequireSSL
>
> # Only authenticated users can use the repository.
> Require valid-user
>
> # How do we authenticate them?
> AuthType Basic
> AuthName "Secure Subversion Repository"
> AuthUserFile /usr/devroot/projectname/_common/auth/authentication
>
> # What are they authorized to do?
> AuthzSVNAccessFile /devroot/projectname/_common/auth/authorization
> </Location>
>
> <VirtualHost 192.168.1.251:443>
>
> # General setup for the virtual host
> ServerName dev.example.com
> ServerAdmin webmaster@example.com
> DocumentRoot /usr/local/www/data
> ErrorLog /var/log/dev.example.com-error_log
> CustomLog /var/log/dev.example.com-access_log common
>
> </VirtualHost>
>
> In the above, /devroot is a symbolic link to /usr/devroot (shouldn't
> matter though).
Try without the symlink first, it is a 1 minute test.
I guess part of the "irrelevant" apachec onfig is mangling the trailing slash.
Look for RewriteRule in your config file, then in the mod_rewrite documentation
and the Rewrite guide.
Just today I spent one day fighting my way with mod_rewrite - it is a mess :-)
Kalin.
--
|[ ~~~~~~~~~~~~~~~~~~~~~~ ]|
+-> http://ThinRope.net/ <-+
|[ ______________________ ]|
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Apr 18 05:40:33 2006