[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: read-only repository view

From: Eric Dalquist <eric.dalquist_at_doit.wisc.edu>
Date: Wed, 24 Mar 2010 21:23:45 -0500

That was my concern as well and the following did work without prompting
for a password. I did realize though that we had a path that was not
supposed to be publicly readable. In playing with how to deal with that
I found the following works as well. You get 403s for write operations
and read operations on paths that are not read *. You also never get
prompted for authentication information.

<Location /svn>
         DAV svn
         SVNPath /jasig/svn/jasig

         AuthzSVNAccessFile /jasig/svn/svn-read-only-authZ
</Location>

The authZ file looks like:

# Grant a global 'read' to all users, including anon.
[/]
* = r

# Restrict 'read/write' on infrastructure to infrastructure group only
[/infrastructure]
* =

On 3/23/10 3:58 PM, Konstantin Kolinko wrote:
> 2010/3/23 Eric Dalquist<eric.dalquist_at_doit.wisc.edu>:
>
>> We would like to have a version of our SVN repository available read-only
>> over HTTP.
>>
> I have not tried, but I think you can do the following:
>
> ...
> <LimitExcept GET PROPFIND OPTIONS REPORT>
> Order Deny,Allow
> Deny from all
> </LimitExcept>
>
>
> If you are providing access both by HTTP and HTTPS it might be a bad
> idea to even ask for credentials on HTTP, because if Basic auth is
> used the credentials are transmitted in plain text.
>
> Probably there are also another ways to limit allowed verbs to the
> above four, e.g. using SetEnvIf. That configuration snippet is just
> what came to mind.
>
> Best regards,
> Konstantin Kolinko
>

Received on 2010-03-25 03:26:46 CET

This is an archived mail posted to the Subversion Users mailing list.