[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN Apache Authorization Fine Tuning

From: Chaim Keren Tzion <chaim_at_intercomp.co.il>
Date: 2007-05-24 17:06:54 CEST

Thanks RG,

However, your suggestion below does not seem to have the disired effect.

From the documentation:
"<LimitExcept> and </LimitExcept> are used to enclose a group of access
control directives which will then apply to any HTTP access method NOT listed
in the arguments"

In other words the original "GET PROPFIND OPTIONS REPORT" will always be
allowed. The enclosed rules can only be used to expand those permissions. I
need to restrict those permissions, so I will either need to enclose the
<LimitExcept> inside of some rule which will restrict it only to the local
network before the <LimitExcept> directive or perhaps I should use the less
recommended <Limit> directive somehow. Or something else?

Chaim

> Subject: Re: SVN Apache Authorization Fine Tuning
> Date: Tuesday 22 May 2007 16:39
>
> Read more here:
> http://httpd.apache.org/docs/trunk/
> http://httpd.apache.org/docs/trunk/mod/mod_access_compat.html
>
>
> Anonymous access allowed from your internal 10.0.0.0/24 network
>
> <Directory /svn>
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Options +FollowSymLinks
> AllowOverride None
> order deny,allow
> deny from all
> allow from 10.0.0.0/24
> Require valid-user
> </LimitExcept>
> </Directory>
>
> -RG
>
> Chaim Keren Tzion wrote:
> > Hi,
> >
> > I am running Subversion through Apache/2.2.3.
> >
> > I would like to set it up so that:
> > 1. From within the LAN, Anonymous users can only checkout (read-only)
> > 2. From within the LAN, Authenticated users can check in and out
> > (read-write) 3. From outside the LAN, Anonymous users should be rejected
> > altogether and Authenticated users should get read-write rights.
> >
> > So far I have the config below which works for the internal network as
> > desired but I don't know how to procede with the config for external
> > connections.
> >
> > <LimitExcept GET PROPFIND OPTIONS REPORT>
> > Require valid-user
> > </LimitExcept>
> >
> > Any ideas?
> >
> > PS. I realize that this is primarily an Apache issue but being that this
> > type of configuration is common in Subversion I felt it was okay to post
> > here.
> >
> > TIA,
> > Chaim

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 24 17:07:57 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.