Re: disable security hole in svn+ssh?
From: Ryan Schmidt <subversion-2011a_at_ryandesign.com>
Date: Thu, 28 Jul 2011 23:44:51 -0500
On Jul 28, 2011, at 20:27, Andy Canfield wrote:
.htaccess is a feature of the Apache web server. It is not applicable to svn or svn+ssh access, since that uses svnserve and not Apache.
This is more of an Apache issue, but .htaccess files aren't really recommended for production use. Turn them off in your httpd.conf, and put your http-to-https redirection rules directly into the httpd.conf.
More directly, the answer to your question of how to prevent someone from circumventing https and accessing the server via http, is to simply configure the server to not serve the repository on http at all. Put all your Subversion-related Apache configuration directives inside an https virtual host only.
This is an archived mail posted to the Subversion Users mailing list.