[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: It this possible: disabling directory listings?

From: Matt Sickler <crazyfordynamite_at_gmail.com>
Date: 2007-01-19 01:28:27 CET

Consider yourself lucky that you get the browser list page, as I have yet to
get that to work on my Apache 2.2 on FC6.
But really, what is wrong with it?
Its not buggy and as the other guy said, no scripted pages will be executed,
so theres nothing to worry about.

On 1/18/07, Pekka Niiranen <pekka.niiranen@wlanmail.com> wrote:
>
> Matt Sickler wrote:
> > the best answer is probably:
> > You cant. At least not reliably.
> > Security through obscurity = no security.
>
> Security through obscurity = no security?
> True. But more clients allowed => more documentation
> needed (browse settings) + more buggy software to worry about.
>
> >
> > Besides, anyone can use the svn client to ls the directory anyway.
> >
> > On 1/17/07, *Andy Levy* <andy.levy@gmail.com
> > <mailto:andy.levy@gmail.com>> wrote:
> >
> > On 1/17/07, Pekka Niiranen <pekka.niiranen@wlanmail.com
> > <mailto:pekka.niiranen@wlanmail.com>> wrote:
> > > Hi,
> > >
> > > I am using Apache and SSL with subversion database.
> > > Users are asked to provide username + password both
> > > when accessing repository thru DOS command line (svn update)
> > > and when pointing their browsers to
> > > https://<server name>/<subversion directory>.
> > >
> > > But how can I disable directory listings thru WWW -page?
> > >
> > > I would like the users to be able to access files ONLY
> > > thru commands from DOS prompt.
> >
> > Write a rule in Apache denying access to User-Agents which match a
> > pattern that catches "most" web browsers? Or, only allowing access
> to
> > the User-Agent reported by Subversion clients?
> >
> > My command-line client reports a User-Agent of: SVN/1.4.0 (r21228)
> > neon/0.26.1
> >
> > TortoiseSVN reports SVN/1.4.2 (r22196) neon/0.26.2
> >
> > Can't speak for other clients, but I think if you only allow
> > User-Agents starting with SVN/ you'll lock out web browsers. Until
> > someone figures out they can change their UA in their browser,
> anyway.
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > <mailto:users-unsubscribe@subversion.tigris.org>
> > For additional commands, e-mail: users-help@subversion.tigris.org
> > <mailto:users-help@subversion.tigris.org>
> >
> >
>
>
>
Received on Fri Jan 19 01:29:00 2007

This is an archived mail posted to the Subversion Users mailing list.