Friends, a while ago you helped me get the 'custom log' working for
Subversion running upon Apache2 upon Debian (which has its own quirks it
appears) for which I'm most grateful.
I've now decided it'd be useful to restrict read access to the
Subversion repositories (they already require a htpasswd
username-password combo) to particular IP addresses. I've tried my usual
trick
<Directory /var/www/dir2protect>
Order Deny,Allow
deny from all
allow from 130.101
</Directory>
in each of /etc/apache2/apache2.conf
& /etc/apache2/mods-available/dav_svn.conf
& /etc/apache2/sites-available/default but can't get it to work. For
this instance, the Subversion folder lives not in /var/www but
in /usr/local/SUBVERSION Here's the relevant part of
/etc/apache2/mods-available/dav_svn.conf:
<Location /svn>
DAV svn
SVNParentPath /usr/local/SUBVERSION
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
</Location>
I've tried both /svn and /usr/local/SUBVERSION for the 'Directory' to
deny IP access from but without avail.
Anybody else got this working (under DEBIAN)???
Thanks, Michael
-------- Forwarded Message --------
> From: michael <cs_at_networkingnewsletter.org.uk>
> To: users_at_subversion.tigris.org
> Cc: debian user <debian-user_at_lists.debian.org>,
> webmaster_at_debian-administration.org
> Subject: Re: how can I redirect Subversion/apache msgs to a new file
> Date: Thu, 17 Jan 2008 17:41:11 +0000
>
> On Thu, 2008-01-17 at 12:22 -0500, Kris Deugau wrote:
> > michael wrote:
> > > Glad you've both got it working.
> >
> > I'm afraid I have to add a "Works for me too!" to that; I just added
> > SVN action logging to one vhost, checked out and committed to a test
> > repo; switched the working copy to an alternate vhost, and added action
> > logging (to a different file) to that vhost. No errors, action logs
> > showed up as they should.
> >
> > > I'm using a Debian dist of Apache2
> > > which, if I understand correctly, doesn't use httpd.conf but for general
> > > stuff uses apache2.conf and for modules uses the relevant module conf
> > > file eg mods-available/dav_svn.conf
> >
> > Mmmh. Debian has introduced a very flexible configuration system for
> > Apache. Packaged Apache modules put configuration fragments in
> > /etc/apache2/mods-available, but they're not used unless there's a
> > matching symlink in /etc/apache2/mods-enabled. A similar system is used
> > for vhosts.
> >
> > Unless you really want options to apply to all vhosts, it's probably
> > best to leave the fragments in mods-available alone, and add
> > configuration to the vhost fragments in /etc/apache2/sites-available.
> >
> > I usually open any of these fragments using the mods-enabled/ or
> > sites-enabled/ path and the symlink, to make sure I'm actually editing a
> > live file and not one that's disabled.
> >
> > Run "a2enmod" and see what mods are actually loaded. Then restart
> > Apache to make sure that's what's actually running.
> >
> > Do you see any warnings in the main error log?
> >
> > Are you able to use any repositories you've set up? From your original
> > message it sounds like repository access is working, because otherwise
> > it sounds like your configuration just isn't getting parsed.
> >
> > [fiddles configs] I think I may have found your problem, but I can't
> > explain *why* it's happening. On two machines, with three vhosts, I
> > have SVN action logs enabled and working. However, the CustomLog
> > directive is inside each individual vhost block; it's not "global" as
> > you appear to be trying to do. When I tried adding the CustomLog
> > directive in the same location as you're trying, I get the same result -
> > log file is created, but nothing gets written to it.
> >
> > Try adding the CustomLog to the vhost container for the vhost you're
> > trying to enable logging on - the "default" vhost should work OK if you
> > don't have any others. I'm not certain about this, however; you may
> > have to define a vhost, or at least move all of your live SVN
> > configuration into the 000-default vhost configuration fragment.
> >
> > (The /etc/apache2/mods-available/dav_svn.conf file is in fact completely
> > commented out on the one machine; all actual SVN configuration is in
> > the vhost definitions. Aside from the other machine being CentOS and
> > using a different set of fragments it's the same story.)
> >
> > > ### not sure why following does not work
> > > ### #MKB: turn on custom logs for easier reading
> > > CustomLog /var/log/apache2/subversion.log "%t %u %{SVN-ACTION}e" env=SVN-ACTION
> > > LogFormat "%t %u %{SVN-ACTION}e" svn
> >
> > The LogFormat line here isn't really doing anything useful for two
> > reasons: you've already given CustomLog the log format description, and
> > you're defining the log format after the statement defining the log
> > file. See
> > http://httpd.apache.org/docs/2.0/mod/mod_log_config.html#customlog.
> >
> > -kgd
>
>
> Okay, given this seems somewhat Debian-related (rather than subversion
> only) I've added Debian-user to the cc list and also the
> debian-admininstration lot in case they wish to use the info:
>
> Kris, I've followed your example and
> a) yes, dav_svn.conf is enabled
>
> b) removed all Subversion-related CustomLog directives from
> mods-available/dav_svn.conf
>
> c) I've only the default virtual host:
> michael_at_ratty:/etc/apache2$ ls sites-available/
> default default~
> so have editted that to include the line
> CustomLog /var/log/apache2/subversion.log "%t %u %{SVN-ACTION}e"
> env=SVN-ACTION
> immediately after the line
> CustomLog /var/log/apache2/access.log combined
> in the (only) VirtualHost present in that file.
>
> Then reloading apache2 and doing an 'svn export' (on another machine) I
> do indeed get the required result:
>
> michael_at_ratty:/var/log/apache2$ cat subversion.log
> [17/Jan/2008:17:33:38 +0000] atmos_svn checkout-or-export '/'
>
>
> Many thanks and I hope other Debian users find your help useful!
>
> Michael
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: users-help_at_subversion.tigris.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-01-28 21:32:42 CET