[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Forbidding directory listing

From: Patrick Krekelberg <patrick_at_bellapk.com>
Date: Mon, 7 Jul 2008 15:05:28 -0500

Hi,

I have a Windows server which is running Apache 2 with a number of
repositories. I have one Location on the "insecure" HTTP domain which
is being accessed in httpd.conf like this:

<Location />
DAV svn
SVNListParentPath Off
SVNParentPath //myServer/SVN/public
</Location>

This is allowing an "insecure" unauthenticated connection to a
specific directory where I have a number of repositories intended for
business units to release code. I have a "secure" method for accessing
this same directory in my ssl.conf file:

<Location /pub>
DAV svn
SVNListParentPath On
SVNParentPath //myServer/SVN/public

SSLRequireSSL
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain myActiveDirectoryServer
SSPIOmitDomain on
SSPIUsernameCase lower
SSPIPerRequestAuth Off
SSPIOfferBasic On
AuthName "my Public Repository"
Require valid-user
</Location>

The idea is that developers could create folders and post releases to
the public repository using the secure, authenticated view, but
clients could access the same files using the insecure link.

So, I can go to http://svn.mydomain.com/ or https://svn.mydomain.com/pub/
  to get to the same place. The problem is, if I go to http://svn.mydomain.com/aRepositoryName
  I get a directory listing of the folders in the repository!! I want
to be able to send a client a URL like http://svn.mydomain.com/aRepositoryName/ClientName/ProjectName/myfile.zip
  while knowing they cannot go down a few folders and look at other
client releases.

I have tried adding Options -Indexes to the Location tag in the
httpd.conf file but this does nothing. What am I missing? If I could
make it impossible to list any folders using the http:// version of
the access that would be perfect. That way clients could download
files, but also view completed web applications in the http:// domain
but wouldn't be able to list anything.

Thanks,
-Patrick

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-07 22:05:54 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.