[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

COPY and reverse-proxies

From: Konrad Rosenbaum <konrad_at_silmor.de>
Date: 2006-12-29 20:44:45 CET

Hi,

in order to limit the damage if one of my dozens of web applications is
exploited by the script kiddie of the day, I have my subversion running on
one Apache instance in the background and access it through a reverse proxy
Apache that is visible to the world (and unifies over a dozen background
Apaches into different vhosts/URLs inside its own namespace).

Now the problem is: if I try to commit a change that contains a copy
operation I get "502 Bad Gateway" back from SVN.

I traced this back to be generated by mod_dav in my SVN-background Apache,
since it does not like the URL in the Destination header.

SVN sends to the proxy (Apache/SSL):
COPY /svn/old/path HTTP/1.1
Host: myserver.tld
Destination: https://myserver.tld/svn/new/path
....

The proxy only rewrites the request URL, but not the other headers, so the
SVN-Apache (Apache without SSL) receives:
COPY /svn/old/path HTTP/1.1
Host: svn.myserver.tld:10600
Destination: https://myserver.tld/svn/new/path
....

...and immediately recognizes that it is definitely not responsible for
serving https, let alone myserver.tld or even port 443. So it does not show
the the request to SVN, but instead sends back a 502 error.
(I found that with the help of tcpdump, LogLevel debug and a good long look
into the mod_dav sources.)

None of the Apache-Modules seems to be able to handle this situation:

mod_rewrite is very happy to rewrite URLs, but that is already taken care of
in mod_proxy

mod_headers is not able to change parts of headers, only to staticly
override them (actually the trunk version of this module does have an edit
functionality that does what I want, but running Apache/trunk is no option)

mod_ext_filter only filters the body

Does anyone have a solution for this? Is mod_perl able to do such magic? (If
yes: how? Unfortunately I'm not very familiar with this mod or Perl.)

Or do I need to backport the new mod_headers?

        Konrad

  • application/pgp-signature attachment: stored
Received on Fri Dec 29 20:45:06 2006

This is an archived mail posted to the Subversion Users mailing list.