[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Strange SVN + Apache Behaviour

From: Shad Sharma <shadanan_at_gmail.com>
Date: Fri, 7 Mar 2008 15:25:22 -0500

On 7-Mar-08, at 10:20 AM, Bernhard Fischer wrote:

> On Friday 07 March 2008, Shad Sharma wrote:
>> On Fri, Mar 7, 2008 at 4:15 AM, Bernhard Fischer
>> <bf_at_abenteuerland.at>
> wrote:
>>> On Friday 07 March 2008, Shad Sharma wrote:
>>>>> The user running the apache must have r/w access to the directory
>>>>> on the filesystem.
>>>>>
>>>>> Your repository seems to be located
>>>>> in /home/cpnadmin/cargopartnersnetwork.com/repos/ but the path of
>>>>> the virtual host is /home/cpnadmin/cargopartnersnetwork.com/html/
>>>>> and there. There is no Alias for this. That meens Apache looks up
>>>>> your repository in /home/cpnadmin/cargopartnersnetwork.com/html/
>>>>> svn/
>>>>> but it isn't really there.
>>>>>
>>>>> Bernhard
>>>>
>>>> Hi Bernhard,
>>>>
>>>> That's an insightful point which I did explore, however, you are
>>>> not
>>>> supposed to create an alias to your svn folder from your html
>>>> folder.
>>>> If you do that, then apache tries to read that folder like a
>>>> standard
>>>> html folder instead of the special DAV svn type as instructed by
>>>> the
>>>> <Location> directive.
>>>>
>>>> I tried creating my repository in the actual html folder, i.e. at:
>>>> /home/cpnadmin/cargopartnersnetwork.com/html/svn
>>>> But this created new problems. The manuals I have been following
>>>> mentioned nothing about being required to put the svn repository in
>>>> the html folder (I tried it out of desperation).
>>>>
>>>> Currently, I am able to checkout existing projects with the current
>>>> settings. This indicates that at least the read permissions are
>>>> correct and the http GET requests are being handled correctly. In
>>>> fact, I can even create folders in the repository. So, the write
>>>> permissions are set correctly. This leads me to believe that there
>>>> *must* be some strange directive in my apache configuration file
>>>> that
>>>> is somehow redirecting my request to the wrong directory, or a
>>>> directive that is blocking the instruction based on a filter of
>>>> some
>>>> sorts. Unfortunately, I'm not sufficiently adept at reading the
>>>> apache
>>>> configuration to file to be able to tell which it is, if it is
>>>> indeed
>>>> one of these.
>>>>
>>>> Any other thoughts?
>>>>
>>>> Kind regards,
>>>> Shad
>>>
>>> Well, maybe you have some allow,deny directives in your httpd.conf
>>> or
>>> maybe there's some superior <location> or <directory> directive
>>> which
>>> forbids something you'd need in your svn-location.
>>> It's hard to guess what may be wrong but if you post your
>>> httpd.conf I
>>> propably can figure out the misconfiguration.
>>> It cannot be a big mistake because usually is really easy to
>>> configure
>>> Apache+SVN.
>>>
>>> Bernhard
>>
>> Sure. Here it is:
>>
>> Thanks a lot for your help. It is very much appreciated.
>>
>> Kind regards,
>> Shad
>>
>> #
>> # Based upon the NCSA server configuration files originally by Rob
>> McCool.
>> #
>> # This is the main Apache server configuration file. It contains the
>> # configuration directives that give the server its instructions.
>> # See <URL:http://httpd.apache.org/docs-2.0/> for detailed
>> information
>> about # the directives.
>> #
>>
>> [SNIP]
>>
>
> It looks good, but you do not load the svn-module. There should be
> these
> modules (order is important):
>
> LoadModule dav_module libexec/apache2/mod_dav.so
> LoadModule dav_fs_module libexec/apache2/mod_dav_fs.so
> LoadModule dav_svn_module libexec/apache2/mod_dav_svn.so
>
> Bernhard

Actually, mod_dav_svn.so is added via the extra include:

> Include conf.d/*.conf
There are a few files in there. This behaviour was there by default.
Here is the contents of those files:

********** carpathia.conf **********
<IfModule !mod_status.c>
   LoadModule status_module modules/mod_status.so
</IfModule>

<IfModule mod_status.c>
   ExtendedStatus On
   <Location /server-status>
     SetHandler server-status
     Order deny,allow
     Deny from all
     Allow from 66.117.35.36
   </Location>
</IfModule>

********** modsecurity.conf **********
<IfModule !mod_security.c>
LoadModule security_module /usr/lib/httpd/modules/mod_security.so
</IfModule>

<IfModule mod_security.c>

# Allow Openwebmail to work
<Location /cgi-bin/openwebmail/>
     SecFilterRemove 300013
     SecFilterRemove 300014
     SecFilterRemove 300015
     SecFilterRemove 300016
     SecFilterRemove 90053
     SecFilterRemove 90054
     SecFilterRemove 90058
     SecFilterRemove 90059
</Location>

#Horde postings
<LocationMatch "/horde/imp/compose.php">
    SecFilterRemove 300013
    SecFilterRemove 300015
    SecFilterRemove 300016
#SecFilterRemove 1009
</LocationMatch>

#PhpMyadmin
<Location ~ "/(phpMyAdmin|phpmyadmin|myadmin|pma)">
    SecFilterRemove 1010
    SecFilterRemove 1011
    SecFilterRemove 1012
    SecFilterRemove 300015
    SecFilterRemove 300016
    SecFilterRemove 380015
</Location>

#<LocationMatch "/phpMyAdmin/tbl_change.php">
# SecFilterRemove 300016
#</LocationMatch>
#<LocationMatch "/phpMyAdmin/sql.php">
# SecFilterRemove 300016
# SecFilterRemove 1012
# SecFilterRemove 1010
# SecFilterRemove 300015
#</LocationMatch>
#<LocationMatch "/myadmin/tbl_change.php">
# SecFilterRemove 300016
#</LocationMatch>
#<LocationMatch "/myadmin/sql.php">
# SecFilterRemove 300016
# SecFilterRemove 1012
# SecFilterRemove 1010
# SecFilterRemove 300015
#</LocationMatch>

# Allow Frontpage to work
<LocationMatch "/_vti_bin/_vti_aut/author.exe">
    SecFilterInheritance Off
</LocationMatch>

#WordPRess
<LocationMatch "/wp-admin/options-reading.php">
    SecFilterRemove 300015
</LocationMatch>

#/profile.php
<LocationMatch "/profile.php">
    SecFilterRemove 300015
</LocationMatch>

#ColdFusion RDS
<LocationMatch "/CFIDE/main/ide.cfm">
    SecFilterRemove 360001
</LocationMatch>

###########################################
#Double pipe exclusion rules
###########################################
<LocationMatch "/_vti_bin/fpcount.exe">
    SecFilterRemove 300014
</LocationMatch>

###########################################
#Mambo/Joomla exclusions
###########################################
<LocationMatch "/index.php">
    SecFilterRemove 380000
    SecFilterRemove 300013
</LocationMatch>
<LocationMatch "/administrator/index2.php">
    SecFilterRemove 300013
    SecFilterRemove 300016
    SecFilterRemove 380000
    SecFilterRemove 360001
</LocationMatch>

     # Enable ModSecurity
     SecFilterEngine DynamicOnly

     # Reject requests with status 403
     SecFilterDefaultAction "deny,log,status:403"

     # Some sane defaults
     SecFilterScanPOST On
     SecFilterCheckURLEncoding On
     SecFilterCheckUnicodeEncoding Off

     # Accept almost all byte values
     SecFilterForceByteRange 1 255

     # Server masking is optional
     #SecServerSignature "Apache/2.0.51 (Fedora)"

     # Designate a directory for temporary files
     # storage. It is a good idea to change the
     # value below to a private directory, just as
     # an additional measure against race conditions
     SecUploadDir /tmp
     SecUploadKeepFiles Off

     # Only record the interesting stuff
     SecAuditEngine RelevantOnly
     # Uncomment below to record responses with unusual statuses
     # SecAuditLogRelevantStatus ^5
     SecAuditLog logs/modsec_audit.log

     # You normally won't need debug logging

     SecFilterDebugLevel 0
     SecFilterDebugLog logs/modsec_debug.log

     # Only accept request encodings we know how to handle
     # we exclude GET requests from this because some (automated)
     # clients supply "text/html" as Content-Type
     SecFilterSelective REQUEST_METHOD "!^(GET|HEAD)$" "chain,id:9001"
     SecFilterSelective HTTP_Content-Type "!(^application/x-www-form-
urlencoded$|^multipart/form-data;)"

     # Do not accept GET or HEAD requests with bodies
     SecFilterSelective REQUEST_METHOD "^(GET|HEAD)$" "chain,id:9002"
     SecFilterSelective HTTP_Content-Length "!^$"

     # Require Content-Length to be provided with
     # every POST request
     SecFilterSelective REQUEST_METHOD "^POST$" "chain,id:9003"
     SecFilterSelective HTTP_Content-Length "^$"

     # Don't accept transfer encodings we know we don't handle
     SecFilterSelective HTTP_Transfer-Encoding "!^$" id:1001

     CustomLog logs/modsec_custom_log "%h %l %u %t \"%r\" %>s %b %
{mod_security-message}i" env=mod_security-relevant

     # Require HTTP_USER_AGENT and HTTP_HOST in all requests
     SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$" id:1002

     # Protecting from XSS attacks through the PHP session cookie
     SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$" id:1003
     SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$" id:1004

     # Command execution attacks
     SecFilter /etc/password id:1005
     SecFilter /bin/ls id:1006
     SecFilter "/bin/*cc" id:1028

     # Directory traversal attacks
     SecFilter "\.\./" id:1007

     # Weaker XSS protection but allows common HTML tags
     SecFilter "<[[:space:]]*script" id:1008

     # Prevent XSS atacks (HTML/Javascript injection)
     #SecFilter "<(.|n)+>" id:1009

     # SQL injection attacks
     SecFilter "delete[[:space:]]+from" id:1010
     SecFilter "insert[[:space:]]+into" id:1011
     SecFilter "select.+from" id:1012

     # MS SQL specific SQL injection attacks
     SecFilter xp_enumdsn id:1013
     SecFilter xp_filelist id:1014
     SecFilter xp_availablemedia id:1015
     SecFilter xp_cmdshell id:1016
     SecFilter xp_regread id:1017
     SecFilter xp_regwrite id:1018
     SecFilter xp_regdeletekey id:1019

     #SecFilterScanOutput On
     #SecFilterOutputMimeTypes "(null) text/html text/plain"
     #SecFilterSelective OUTPUT "Volume Serial Number" id:1020
     #SecFilterSelective OUTPUT "Command completed" id:1021
     #SecFilterSelective OUTPUT "Bad command or filename" id:1022
     #SecFilterSelective OUTPUT "file(s) copied" id:1023
     #SecFilterSelective OUTPUT "Index of /cgi-bin/" id:1024
     #SecFilterSelective OUTPUT ".*uid\=\(" id:1025

     # Protecting from XSS attacks through the PHP session cookie
     SecFilterSelective ARG_PHPSESSID "!^[_0-9a-zA-Z]*$" id:1026
     SecFilterSelective COOKIE_PHPSESSID "!^[_0-9a-zA-Z]*$" id:1027

     #XSS insertion into Content-Type
     SecFilterSelective THE_REQUEST "Content-Type
\:.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|
about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)"
"id:300002,rev:1,severity:2,msg:'XSS attack in Content-type header'"

     #Don't accept chunked encodings
     #modsecurity can not look at these, so this is a hole
     #that can bypass your rules, the rule before this one
     #should cover this, but hey paranoia is cheap
     SecFilterSelective HTTP_Transfer-Encoding "chunked" "id:
300003,rev:1,severity:2,msg:'Chunked Transfer Encoding denied'"

     #Code injection via content length
     SecFilterSelective HTTP_Content-Length "\;(system|passthru|exec)\
(" "id:330003,rev:1,severity:2,msg:'Code Injection in Content-Length
header'"

#generic recursion signatures
SecFilterSelective THE_REQUEST "\.\|\./\.\|\./\.\|" "id:300005,rev:
1,severity:2,msg:'Generic Path Recursion denied'"

#generic bogus path sigs
SecFilterSelective THE_REQUEST "\.\.\./" "id:300006,rev:1,severity:
2,msg:'Bogus Path denied'"
SecFilterSelective POST_PAYLOAD "[[:space:]]+\.\.\.+\;" "id:300007,rev:
1,severity:2,msg:'Bogus Path denied'"

#Generic PHP exploit signatures
SecFilterSelective THE_REQUEST "(chr|fwrite|fopen|system|e?chr|
passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|
proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|
posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|
phpinfo)\(.*\)\;" "id:330001,rev:1,severity:2,msg:'Generic PHP exploit
pattern denied'"

#Generic PHP exploit signatures
SecFilterSelective POST_PAYLOAD|REQUEST_URI "<\?php (chr|fwrite|fopen|
system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|
proc_terminate|proc_get_status|proc_close|pfsockopen|leak|
apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|
posix_setsid|posix_setuid|phpinfo)\(.*\)\;" "id:330002,rev:1,severity:
2,msg:'Generic PHP exploit pattern denied'"

#slightly tighter rules with narrower focus
SecFilterSelective REQUEST_URI|POST_PAYLOAD "(chr|fwrite|fopen|system|
echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|
proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|
posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|
phpinfo)\(.*\)\;" "id:300008,rev:1,severity:2,msg:'Generic PHP exploit
pattern denied'"

#generic XSS PHP attack types
SecFilterSelective REQUEST_URI "\.php\?" "chain,id:300010,rev:
1,severity:2,msg:'Generic PHP XSS exploit pattern denied'"
SecFilter "(javascript\:/(.*new\x20ActiveXObject.*Sh\.regwrite|.*window
\.opener\.document\.body.\innerHTML=window\.opener\.document\.body
\.innerHTML\.replace)|onmouseover=\'javascript)"

#Prevent SQL injection in cookies
SecFilterSelective COOKIE_VALUES "((select|grant|delete|insert|drop|
alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|
a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)
[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,
[0-9].*INTO.*FROM)" "id:300011,rev:1,severity:2,msg:'Generic SQL
injection in cookie'"

#Prevent command injection through cookies
SecFilterSelective COOKIE_VALUES "\; cmd=" id:9006

#Prevent SQL injection in UA
SecFilterSelective HTTP_USER_AGENT "((select|grant|delete|insert|drop|
alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|
a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)
[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,
[0-9].*INTO.*FROM)" "id:300012,rev:1,severity:2,msg:'Generic SQL
injection in User Agent header'"

# Generic filter to prevent SQL injection attacks
# Understand that all SQL filters are very limited and are very
difficult
# to prevent false postives and negatives.
SecFilterSelective REQUEST_URI "!((/wp-admin/post|privmsg|/ticket/
admin|/misc|tiki-editpage|/post|/horde3?/imp/compose|/posting)\.php|/
modules\.php\?op=modload&name=(Downloads|Submit_News)|/admin\.php\?
module=NS\-AddStory\&op=|/index\.php\?
name=PNphpBB2&file=posting&mode=reply.*|/phpMyAdmin/|/PNphpBB2-posting
\.html|/otrs/index\.pl|tiki-index\.php\?page=|/index\.php\?
title=.*&action=edit|/_mmServerScripts/|/node/[0-9]+/edit|/_vti_bin/.*
\.exe/)" "chain,id:300013,rev:1,severity:2,msg:'Generic SQL injection
protection'"
SecFilter "((select|grant|delete|insert|drop|alter|replace|truncate|
update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+
[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|
0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)"

SecFilterSelective ARGS "(or.+1[[:space:]]*=[[:space:]]1|(or 1=1|'.
+)--')" "id:300014,rev:1,severity:2,msg:'Generic SQL injection
protection'"

SecFilterSelective ARGS "((alter|create|drop)[[:space:]]+(column|
database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" "id:
300015,rev:1,severity:2,msg:'Generic SQL injection protection'"

SecFilterSelective REQUEST_URI "!(/node/[0-9]+/edit|/forum/posting
\.php|/admins/wnedit\.php|/alt_doc\.php\?returnUrl=.*edit|/admin/
categories\.php\?cPath=.*|modules\.php\?
name=Forums&file=posting&mode=.*)" "chain,id:300016,rev:2,severity:
2,msg:'Generic SQL injection protection'"
SecFilterSelective ARGS "(insert[[:space:]]+into.+values|select.*from.+
[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|
convert.+\(.*from)"

#Meta character SQL injection
SecFilterSelective REQUEST_URI "\'.*(insert[[:space:]]+into.+values|
select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.
+select|convert.+\(.*from)|and.*char\(.*\)" "id:380015,rev:1,severity:
2,msg:'Generic SQL metacharacter URI injection protection'"

#Generic command line attack filter
SecFilterSelective REQUEST_URI "!(/Count\.cgi)" "chain,id:300017,rev:
1,severity:2,msg:'Generic command line attack filter'"
SecFilterSelective THE_REQUEST "\|+.*[\x20].*[\x20].*\|"

#PHP Injection Attack generic signature
SecFilterSelective REQUEST_URI "\.php" "chain,id:9007"
SecFilter "(\?((LOCAL|INCLUDE|PEAR|SQUIZLIB)_PATH|action|content|dir|
name|menu|pm_path|path|pathtoroot|cat|pagina|path|include_location|
root|page|gorumDir|site|topside|pun_root|open|seite)=(http|https|ftp)
\:/|(cmd|command)=(cd|\;|perl |killall |python |rpm |yum |apt-get |
emerge |lynx |links |mkdir |elinks |id|cmd|pwd|wget|lwp-(download|
request|mirror|rget) |uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |
rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |\./|
whoami|killall |rm \-[a-z|A-Z]))"

#PHP Injection Attack generic signature
SecFilterSelective REQUEST_URI "\.php\?(((LOCAL|INCLUDE|PEAR|
SQUIZLIB)_PATH|action|content|dir|name|menu|pm_path|pagina|path|
pathtoroot|cat|include_location|gorumDir|root|page|site|topside|
pun_root|open|seite)=(http|https|ftp)\:/|.*(cmd|command)=(cd|\;|perl |
killall |python |rpm |yum |apt-get |emerge |lynx |links |mkdir |elinks
|cmd|pwd|wget |lwp-(download|request|mirror|rget) |id|uname |cvs |svn |
(s|r)(cp|sh) |net(stat|cat)|rexec |smbclient |t?ftp |ncftp |curl |
telnet |gcc |cc |g\+\+ |whoami|\./|killall |rm \-[a-z|A-Z]))"

#Generic PHP remote file inclusion attack signature
SecFilterSelective REQUEST_URI "\.php\?" "chain,id:9008"
SecFilter "(http|https|ftp)\:/" chain
SecFilter "(cmd|command)=(cd|\;|perl |killall |python |rpm |yum |apt-
get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(download|
request|mirror|rget) |id|uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |
rexec |smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|
\./|killall |rm \-[a-z|A-Z])"

#Generic PHP remote file inclusion attack signature with command
SecFilterSelective REQUEST_URI "\.php\?" "chain,id:9009"
SecFilter "(http|https|ftp)\:/" chain
SecFilter "(cmd|command)=.*(cd|\;|perl |killall |python |rpm |yum |apt-
get |emerge |lynx |links |mkdir |elinks |cmd|pwd|wget |lwp-(download|
request|mirror|rget) |id|uname|cvs |svn |(s|r)(cp|sh) |net(stat|cat) |
rexec|smbclient |t?ftp |ncftp |curl |telnet |gcc |cc |g\+\+ |whoami|
\./|killall |rm \-[a-z|A-Z])"

#generic SQL injection sigs using PCRE
SecFilter "/\w*(\x27|\’)(\x6F|o|\x4F)(\x72|r|\x52)/ix" id:9004

#XSS generic sig
SecFilter "/(\x3D|=)[^\n]*(\x3C|<)[^\n]+(\x3E|>)" id:9005

SecFilter "bcc:" id:90051
SecFilter "bcc\x3a" id:90052
SecFilter "cc:" id:90053
SecFilter "cc\x3a" id:90054
SecFilter "bcc:|Bcc:|BCC:" chain,id:90055
SecFilter "[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}\,\x20[A-Z0-9._%-]
+@[A-Z0-9._%-]+\.[A-Z]{2,4}"
SecFilterSelective POST_PAYLOAD "Bcc:" id:90056
SecFilterSelective POST_PAYLOAD "Bcc:\x20" id:90057
SecFilterSelective POST_PAYLOAD "cc:" id:90058
SecFilterSelective POST_PAYLOAD "cc:\x20" id:90059
SecFilterSelective POST_PAYLOAD "bcc:" id:90061
SecFilterSelective POST_PAYLOAD "bcc:\x20" id:90062
SecFilterSelective POST_PAYLOAD "bcc: " id:90063
SecFilterSelective THE_REQUEST "Bcc:" id:90064
SecFilterSelective THE_REQUEST "Bcc:\x20" id:90065
SecFilterSelective THE_REQUEST "cc:" id:90066
SecFilterSelective THE_REQUEST "cc:\x20" id:90067
SecFilterSelective THE_REQUEST "bcc:" id:90068
SecFilterSelective THE_REQUEST "bcc:\x20" id:90069
SecFilterSelective THE_REQUEST "bcc: " id:90060

</IfModule>

********** php.conf **********
#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#

LoadModule php4_module modules/libphp4.so

#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddType application/x-httpd-php .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php

********** subversion.conf **********
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

#
# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, "/var/www/svn". Each repository
# must be readable and writable by the 'apache' user.
#
# Note that if SELinux is enabled, the repositories must be labelled
# with a context which httpd can write to; this will happen by default
# for newly created directories in /var/www. Use the command
# "restorecon -R /var/www/svn" to label the repositories if migrating
# from a system without SELinux enabled; to label a repository outside
# /var/www, use "chcon -R -h -t httpd_sys_content_t /path/to/repos".
#

#
# To create a new repository using this scheme, say,
# http://localhost/repos/stuff, run as root:
#
# # cd /var/www/svn
# # svnadmin create stuff
# # chown -R apache.apache stuff
#

#<Location /svn>
#DAV svn
#SVNPath /home/cpnadmin/cargopartnersnetwork.com/repos
#SecFilterEngine Off
#</Location>

#<Location /repos>
# DAV svn
# SVNParentPath /var/www/svn
#
# # Limit write permission to list of valid users.
# <LimitExcept GET PROPFIND OPTIONS REPORT>
# # Require SSL connection for password protection.
# # SSLRequireSSL
#
# AuthType Basic
# AuthName "Authorization Realm"
# AuthUserFile /path/to/passwdfile
# Require valid-user
# </LimitExcept>
#</Location>

********** welcome.conf **********
#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL. To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
     Options -Indexes
     ErrorDocument 403 /error/noindex.html
</LocationMatch>

As you can see, the mod_dav_svn.so is loaded (and in the correct
order) via the includes. I have also disabled the application filter
(mod_security) in my /svn folder via the SecFilterEngine Off
directive, so I don't think there will be anything in that file.

Kind regards,
Shad
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-07 21:24:26 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.