[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: It this possible: disabling directory listings?

From: Matt Sickler <crazyfordynamite_at_gmail.com>
Date: 2007-01-17 22:13:40 CET

the best answer is probably:
You cant. At least not reliably.
Security through obscurity = no security.

 Besides, anyone can use the svn client to ls the directory anyway.

On 1/17/07, Andy Levy <andy.levy@gmail.com> wrote:
>
> On 1/17/07, Pekka Niiranen <pekka.niiranen@wlanmail.com> wrote:
> > Hi,
> >
> > I am using Apache and SSL with subversion database.
> > Users are asked to provide username + password both
> > when accessing repository thru DOS command line (svn update)
> > and when pointing their browsers to
> > https://<server name>/<subversion directory>.
> >
> > But how can I disable directory listings thru WWW -page?
> >
> > I would like the users to be able to access files ONLY
> > thru commands from DOS prompt.
>
> Write a rule in Apache denying access to User-Agents which match a
> pattern that catches "most" web browsers? Or, only allowing access to
> the User-Agent reported by Subversion clients?
>
> My command-line client reports a User-Agent of: SVN/1.4.0 (r21228)
> neon/0.26.1
>
> TortoiseSVN reports SVN/1.4.2 (r22196) neon/0.26.2
>
> Can't speak for other clients, but I think if you only allow
> User-Agents starting with SVN/ you'll lock out web browsers. Until
> someone figures out they can change their UA in their browser, anyway.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
Received on Wed Jan 17 22:14:12 2007

This is an archived mail posted to the Subversion Users mailing list.