Re: SVN HTTP Policy

On Mar 1, 2007, at 07:48, Chris Alexander wrote:

> I recently installed svn over apache2 and am setting up the policy
> in dav_svn.conf.
>
> Basically, I want developers on our local LAN free access over
> standard HTTP without the need for a username and password. But
> outside our LAN I want them to login via a username and password
> over HTTPS for all functions (Read, Checkout, Commit, etc). I want
> it to point to the same repository ether way.
>
> Is there a way to first check the IP of the client then if it's not
> parts of the "trusted IPs" then ask for user authentication?

This is more of an Apache question than a Subversion question, but
yes, that should be possible. That is to say, I have done this on our
general intranet web site (unrelated to Subversion). See the Apache
docs:

 From http://httpd.apache.org/docs/2.2/mod/core.html#satisfy :

> For example, if you wanted to let people on your network have
> unrestricted access to a portion of your website, but require that
> people outside of your network provide a password, you could use a
> configuration similar to the following:
>
> Require valid-user
> Allow from 192.168.1
> Satisfy Any

Now, note that if people on your local network commit changes to the
repository, the revision will have an empty svn:author property.
That's probably not what you want. So if your local network access is
for read-only operations only, then that's fine, but if you want
local people to be committing changes, then you probably do not want
to do this, and you should enforce a username/password everywhere.

-- 
To reply to the mailing list, please use your mailer's Reply To All  
function
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org