Re: disable security hole in svn+ssh?

From: Ryan Schmidt <subversion-2011a_at_ryandesign.com>
Date: Thu, 28 Jul 2011 23:53:38 -0500

On Jul 28, 2011, at 23:44, Ryan Schmidt wrote:
> On Jul 28, 2011, at 20:27, Andy Canfield wrote:
>> On 07/28/2011 09:48 PM, Geoff Hoffman wrote:
>>> You can then detect http protocol with a rewrite rule and redirect to https using mod_rewrite in either the vhost container or .htaccess file.
>> Where would the .htaccess file be for svn+ssh? There's no directory!
>
> .htaccess is a feature of the Apache web server. It is not applicable to svn or svn+ssh access, since that uses svnserve and not Apache.

If the question was how to redirect someone from svn to svn+ssh, then that's not possible, but again, the solution if you want users to only use encrypted access would be to not start an svnserve instance on the server, thus preventing anyone from using svn protocol.

> More directly, the answer to your question of how to prevent someone from circumventing https and accessing the server via http, is to simply configure the server to not serve the repository on http at all. Put all your Subversion-related Apache configuration directives inside an https virtual host only.
>
> <VirtualHost *:433>

Of course that port number should have been 443.
Received on 2011-07-29 06:54:45 CEST

This message: [ Message body ]
Next message: Waseem Bokhari: "RE: SVN Error on Commit!!"
Previous message: Ryan Schmidt: "Re: disable security hole in svn+ssh?"
In reply to: Ryan Schmidt: "Re: disable security hole in svn+ssh?"
Next in thread: Les Mikesell: "Re: disable security hole in svn+ssh?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]