Hi all
Andrey Repin wrote:
> Greetings, John Pye!
>
>
>>>>>>> Looking at your VH definition... it's messy.
>>>>>>> Reduce the number of entities. Add next one only after you have the previous
>>>>>>> work "as expected".
>>>>>>> And put
>>>>>>>
>>>>>>> Order allow,deny
>>>>>>> Allow from all
>>>>>>>
>>>>>>> Before <Location> blocks.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> You can't put Order or Allow statements outside either <Location> or
>>>>>> <Directory> tags, AIUI.
>>>>>>
>>>>>>
>>>>>>
>>>>> Still, it's messy.
>>>>>
>>>>> Try starting from
>>>>>
>>>>> <VirtualHost *:80>
>>>>> ServerAdmin john.pye_at_anu.edu.au
>>>>> ServerName ascendsvn.cheme.cmu.edu
>>>>>
>>>>> DocumentRoot /var/www/svn
>>>>>
>>>>> # Possible values include: debug, info, notice, warn, error, crit,
>>>>> # alert, emerg.
>>>>> LogLevel debug
>>>>> ErrorLog /var/log/apache2/svn-error.log
>>>>>
>>>>> RedirectMatch ^/stats/?$ http://ascend.cheme.cmu.edu/awstats/awstats.pl?config=ascendsvn.cheme.cmu.edu
>>>>>
>>>>> #RedirectMatch permanent ^/$ /ascend
>>>>>
>>>>> CustomLog /var/log/apache2/svn.log combined
>>>>> ServerSignature On
>>>>>
>>>>> <Location />
>>>>> Order Allow,Deny
>>>>> Allow from all
>>>>> DAV svn
>>>>> SVNParentPath /home/svn
>>>>> </Location>
>>>>>
>>>>> </VirtualHost>
>>>>>
>>>>> And see how that would work.
>>>>>
>>>>>
>>>>>
>>>
>>>
>>>> I tried this, I get exactly the same error message. svn-error.log
>>>> contains...
>>>>
>>>>
>>>
>>>
>>>> [Tue May 19 19:35:42 2009] [error] [client 128.2.52.249] client denied
>>>> by server configuration: /var/www/svn/ascend
>>>>
>>>>
>>>
>>>
>>>> This error is completely weird because it relates to
>>>> /var/www/svn/ascend, which doesn't exist and should NEVER be being
>>>> requested...
>>>>
>>>>
>>> Hm. Try setting
>>> DocumentRoot /home/svn
>>> ?
>>>
>>>
>
>
>> That can't possibly be the solution.
>>
>
> To me, it absolutely must.
>
I note that most SVN configurations work fine with no DocumentRoot being
specified.
http://svnbook.red-bean.com/en/1.1/ch06s04.html
http://articles.techrepublic.com.com/5100-10878_11-5902186.html
http://www.debuntu.org/2006/05/20/54-how-to-subversion-svn-with-apache2-and-dav
To quote the red bean book:
For example, if your main DocumentRoot is /www, do not export a
Subversion repository in <Location /www/repos>. If a request comes in
for the URI /www/repos/foo.c, Apache won't know whether to look for a
file repos/foo.c in the DocumentRoot, or whether to delegate
*mod_dav_svn* to return foo.c from the Subversion repository.
>
>> The directory structure of
>>
>
> Are irrelevant.
>
Disagree: specifing DocumentRoot is telling Apache that it can serve up
documents from within that file tree using the 'tail' of the URLs.
>> /home/svn in no way matches the paths that are being requested via the
>> URLs, so this is definitely not the solution.
>>
>
> You addressing them through DAV_SVN in the end.
>
Yes, which is why DocumentRoot should not be used and is irrelevant
here. In fact it breaks things.
>
>>>> I appreciate your general approach but as far as I can see we're not
>>>> touching the root cause of this problem yet.
>>>>
>>>>
>>> Well, two things I know may produce this result:
>>> Location/Directory block referencing the path requested and the general
>>> Allow/Deny rule over the "/" of filesystem.
>>> It's really hard to tell what is the case by looking only at the extracted
>>> part of Apache configuration.
>>>
>>>
>
>
>> I don't actually think that this is an Allow/Deny problem.
>>
>
> It is.
> The only way to cause "Client denied by server configuration" is to have
> implicit or explicit Deny rule applied to that client in one way or another.
>
OK, so it's possible, but I'm still hunting for where this could be.
Unless it's in one of the /etc/apache2/mods-available files...
Surely my configuration file overrides any such Allow/Deny rules, by
creating a whole new set?
>
>> The final error message from svn-error.log makes no sense, because the
>> 'ascendsvn' virtual host is obviously dealing with it, but DAV is
>> apparently not dealing with it, even though the URL seems to match.
>> Also, why is it a 403 error, rather than a 404 error, given that there
>> is no such directory /var/ww/svn/ascend.
>>
>
> Ask your CMS documentation...
>
My CMS? Content management system? I don't have one installed here.
[...]
>
>> If I remove the DocumentRoot directive then the machines that were
>> previously working continue to work, and the machines that were
>> previously broken go back to the same 403 error again.
>>
>
> Which leads to what i though: you have globally defined settings that
> affecting your virtualhost.
> Either Option -Indexes or Deny
>
Surely I can override there here though? Surely I already have with the
settings previously provided? If not, how not?
>
>> root_at_ascend:~# telnet ascendsvn.cheme.cmu.edu 80Trying 128.2.52.249...
>> Connected to ASCENDSERVER.cheme.cmu.edu.
>> Escape character is '^]'.
>> PROPFIND /ascend/code/trunk/solvers/ HTTP/1.1
>> Host: ascendsvn.cheme.cmu.edu
>> User-Agent: JohnPye
[...]
>> Any thoughts?
>>
>
> Hm. This is interesting. I've tried this same request on my repos.
>
> curl -iX PROPFIND -u user:pass http://svn.darkdragon/repos/trunk
> HTTP/1.1 403 Forbidden
> Date: Thu, 21 May 2009 12:14:29 GMT
> Server: Apache/2.2.11 (Win32) mod_auth_sspi/1.0.5 SVN/1.6.1 PHP/5.2.2 DAV/2
> Content-Length: 227
> Content-Type: text/html; charset=ISO-8859-1
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>PROPFIND requests with a Depth of "infinity" are not allowed for /repos/trunk.</p>
> </body></html>
>
> Client was running 1.6.1 too.
>
OK, so you're getting the "Depth infinity" error as well... so a 403
error is a fundamental part of a fully operations SVN installation???
An interesting thing, not sure if it's relevant. Today I attempted an
"svn up" on my *working* client, and I got the 403 error once, then got
a successful update the second time!
john_at_thunder:~/ascend$ svn up
svn: Server sent unexpected return value (403 Forbidden) in response to
PROPFIND request for '/ascend/code/trunk'
john_at_thunder:~/ascend$ svn up
At revision 2280.
How could that happen?
Cheers
JP
--
Dr John Pye
Dept of Engineering
Australian National University
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2353682
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-05-26 07:04:38 CEST