On May 20, 2009, at 23:40, John Pye wrote:
>>>> DocumentRoot /var/www/svn
>>>> SVNParentPath /home/svn
>> Hm. Try setting
>> DocumentRoot /home/svn
>> ?
>
> That can't possibly be the solution. The directory structure of
> /home/svn in no way matches the paths that are being requested via the
> URLs, so this is definitely not the solution.
If SVNParentPath is /home/svn then the one value to which
DocumentRoot must absolutely not be set is /home/svn. That will
definitely cause the situation described in the FAQ to which I
referred earlier:
http://subversion.tigris.org/faq.html#http-301-error
The FAQ text has some factual errors but it describes this situation.
The reason I had referred you to this FAQ before was that although
the error you were experiencing before did not exactly match this
issue, the intermittent nature of the problem did, so I thought your
issue might have a similar cause.
> I don't actually think that this is an Allow/Deny problem.
>
> If I create the /var/www/svn/ascend/code/trunk/
Was there supposed to be more here?
> Let's focus on this PROPFIND request. The error message always relates
> to a PROPFIND request. Why is that request being issued? Is it
> possible
> some on some machines that request is not being issued, because of
> something that's been cached in the system? Or is the PROPFIND request
> being made successfully in some cases, and not in others.
I would have guessed all machines would always issue the request, but
observing your web server logs should tell you for sure.
> My request:
>
> root_at_ascend:~# svn co
> http://ascendsvn.cheme.cmu.edu/ascend/web/trunk/ascend_html test1
> svn: PROPFIND request failed on '/ascend/web/trunk/ascend_html'
> svn: PROPFIND of '/ascend/web/trunk/ascend_html': 403 Forbidden
> (http://ascendsvn.cheme.cmu.edu)
>
> Output to svn.log:
>
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/web/trunk/ascend_html HTTP/1.1" 207 714 "-" "SVN/1.4.6
> (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/!svn/vcc/default HTTP/1.1" 207 397 "-" "SVN/1.4.6 (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/!svn/bln/2280 HTTP/1.1" 207 454 "-" "SVN/1.4.6 (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/web/trunk/ascend_html HTTP/1.1" 207 714 "-" "SVN/1.4.6
> (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/!svn/vcc/default HTTP/1.1" 207 397 "-" "SVN/1.4.6 (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/!svn/bln/2280 HTTP/1.1" 207 454 "-" "SVN/1.4.6 (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/web/trunk/ascend_html HTTP/1.1" 207 714 "-" "SVN/1.4.6
> (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/!svn/vcc/default HTTP/1.1" 207 397 "-" "SVN/1.4.6 (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/!svn/bln/2280 HTTP/1.1" 207 454 "-" "SVN/1.4.6 (r28521)
> neon/0.27.2"
> 128.2.52.249 - - [20/May/2009:23:02:23 -0400] "PROPFIND
> /ascend/web/trunk/ascend_html HTTP/1.1" 403 403 "-" "SVN/1.4.6
> (r28521)
> neon/0.27.2"
>
> Output to svn-error.log:
> [Wed May 20 23:02:23 2009] [error] [client 128.2.52.249] client denied
> by server configuration: /var/www/svn/ascend
>
> Everything seems to be going OK until the final request, which returns
> the "unauthorised" 403 response.
The problem seems to be that the final request is looking somehow
inside the DocumentRoot - see the svn-error.log entry.
> I'm not clear why several very similar requests seem to be being made,
> eg "PROPFIND [...]/bln/2280" -- is that normal?
Don't know.
> The final error message from svn-error.log makes no sense, because the
> 'ascendsvn' virtual host is obviously dealing with it, but DAV is
> apparently not dealing with it, even though the URL seems to match.
> Also, why is it a 403 error, rather than a 404 error, given that there
> is no such directory /var/ww/svn/ascend.
>
> To try an keep SVN happy, I did an experiment:
>
> cd /var/www/svn
> mkdir -p ascend/code/trunk/solvers
>
> Now, this has a *very interesting result*:
>
> On all client machines (both the ones that were previously broken and
> the ones that were previously working) I get:
>
> svn co http://ascendsvn.cheme.cmu.edu/ascend/code/trunk/solvers/
> test23
> svn: Repository moved permanently to
> 'http://ascendsvn.cheme.cmu.edu/ascend/code/trunk/solvers/'; please
> relocate
>
> (notice the pointless message: the URLs are equal)
Ok, now you have caused the situation described by the FAQ above,
which occurs when a directory in the DocumentRoot matches a thing
you're trying to check out. So you must not create the directory /var/
www/svn/ascend if /var/www/svn is your DocumentRoot and your
repositories are bound to <Location /ascend>.
> If I remove the DocumentRoot directive then the machines that were
> previously working continue to work, and the machines that were
> previously broken go back to the same 403 error again.
>
> Then, I tried performing the PROPFIND request using telnet:
>
> root_at_ascend:~# telnet ascendsvn.cheme.cmu.edu 80Trying 128.2.52.249...
> Connected to ASCENDSERVER.cheme.cmu.edu.
> Escape character is '^]'.
> PROPFIND /ascend/code/trunk/solvers/ HTTP/1.1
> Host: ascendsvn.cheme.cmu.edu
> User-Agent: JohnPye
>
> HTTP/1.1 403 Forbidden
> Date: Thu, 21 May 2009 03:21:15 GMT
> Server: Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 PHP/5.2.4-2ubuntu5.6
> with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
> Content-Length: 417
> Content-Type: text/html; charset=ISO-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>PROPFIND requests with a Depth of "infinity" are not allowed
> for /ascend/code/trunk/solvers/.</p>
> <hr />
> <address>Apache/2.2.8 (Ubuntu) DAV/2 SVN/1.4.6 PHP/5.2.4-2ubuntu5.6
> with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Server at
> ascendsvn.cheme.cmu.edu Port 80</address>
> </body></html>
>
>
> Isn't that exciting!
>
> Any thoughts?
I had not heard of "PROPFIND requests with a Depth of "infinity" are
not allowed" before. Google only shows 6 results. One is:
http://lists.apple.com/archives/macos-x-server/2001/Oct/msg00621.html
It says you can add "DAVDepthInfinity On" to get around this.
However, I have never heard that mentioned on this list before, and
I've been reading the list for years, so I don't know why you would
be the only one seeing this issue.
My thought was still that you have some kind of Alias or similar
directive elsewhere in a global part of the Apache config that is
matching something about the URL(s) you're dealing with here. Have
you grepped *all* your Apache configuration files (the httpd.conf and
anything it includes) for things like "Alias" and "/ascend"?
Another possibility that occurred to me is to try serf instead of
neon on the client. It uses different HTTP methods to communicate
with the server. Perhaps serf would work, or at least it might give
different error messages that might help narrow down the problem. To
configure your client to use serf instead of neon, use http-library
in the Subversion config file. See:
http://svnbook.red-bean.com/en/1.5/svn.advanced.confarea.html
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2343743
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-05-21 10:40:38 CEST