That was my concern as well and the following did work without prompting
for a password. I did realize though that we had a path that was not
supposed to be publicly readable. In playing with how to deal with that
I found the following works as well. You get 403s for write operations
and read operations on paths that are not read *. You also never get
prompted for authentication information.
<Location /svn>
DAV svn
SVNPath /jasig/svn/jasig
AuthzSVNAccessFile /jasig/svn/svn-read-only-authZ
</Location>
The authZ file looks like:
# Grant a global 'read' to all users, including anon.
[/]
* = r
# Restrict 'read/write' on infrastructure to infrastructure group only
[/infrastructure]
* =
On 3/23/10 3:58 PM, Konstantin Kolinko wrote:
> 2010/3/23 Eric Dalquist<eric.dalquist_at_doit.wisc.edu>:
>
>> We would like to have a version of our SVN repository available read-only
>> over HTTP.
>>
> I have not tried, but I think you can do the following:
>
> ...
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Order Deny,Allow
> Deny from all
> </LimitExcept>
>
>
> If you are providing access both by HTTP and HTTPS it might be a bad
> idea to even ask for credentials on HTTP, because if Basic auth is
> used the credentials are transmitted in plain text.
>
> Probably there are also another ways to limit allowed verbs to the
> above four, e.g. using SetEnvIf. That configuration snippet is just
> what came to mind.
>
> Best regards,
> Konstantin Kolinko
>
Received on 2010-03-25 03:26:46 CET