
Re: server config

From: Dana Epp <dana_at_vulscan.com>
Date: Mon, 19 Aug 2013 09:44:25 -0700

Being that you will be using WebDAV, I'd recommend you look at the
AuthzSVNAccessFile directive and control the access you want that way.

Here is what mine looks like:

<Location /svn>
        DAV svn
        SVNPath /var/svn
        AuthzSVNAccessFile /var/svn/svnaccess.conf
        Require valid-user
        AuthType Basic
        AuthName "Code Repository"
        AuthUserFile /var/svn/passwd
</Location>

HTH. YMMV.

Regards,
Dana

On Mon, Aug 19, 2013 at 9:07 AM, Scott Frankel <frankel_at_circlesfx.com> wrote:

>
> Hi all,
>
> I'm new to SVN server configuration and find myself setting up a CentOS
> 6.4 server with svn version 1.6.1, following the red-bean book.
>
> I'm having difficulty with authorization &/or authentication: my repo
> appears to be accessible by anyone in spite of requiring "valid-user" and
> specifying digest authentication. I believe this because 1) I can download
> a full working copy of the repo to a 3rd-party logged into a foreign
> computer, and 2) I have dozens of entries in apache's logfiles, like these
> from this morning, *prior* to any known/legitimate access to my repos today:
>
> svn_logfile:
> [19/Aug/2013:00:46:32 +0000] - checkout-or-export / r1 depth=infinity
>
> access_log
> 93.174.93.213 - - [19/Aug/2013:07:23:50 +0000] "GET
> /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu"
>
> error_log
> [Mon Aug 19 07:23:51 2013] [error] [client 93.174.93.213] File does not
> exist: /var/www/html/MyAdmin
>
>
> This doesn't look good at all. My Location directive follows below. The
> /etc/svn-auth.htdigest exists and appears to be valid. My goal is to set up
> the repo, serve it via Apache, provide access to only a small number of
> people that I approve, use cmd-line svn and do so securely.
>
> This is my first brush with Apache, OpenSSL, and general server config.
> Thanks in advance for your suggestions! BTW, I'm not subscribed and would
> appreciate being cc'd on any replies.
> Scott
>
>
>
> <Location /svn>
> DAV svn
> SVNParentPath /var/svn
>
> # Authentication: Digest
> AuthName "Subversion repository"
> AuthType Digest
> AuthUserFile /etc/svn-auth.htdigest
>
> # Authorization: Authenticated users only
> Require valid-user
> </Location>
>
>
>
>

-- 
Regards,
Dana Epp
Microsoft Security MVP
Received on 2013-08-19 18:45:39 CEST
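
Added example (not part of the original thread or of Subversion's own code): a small Python audit of the svn_logfile quoted above, to confirm whether repository actions are being served without authentication. It assumes the log was written with the format "%t %u %{SVN-ACTION}e", so a "-" in the second field means Apache recorded no authenticated user; the first sample line is taken from the thread, the others are constructed.

```python
import re

# Assumed layout: "%t %u %{SVN-ACTION}e" -> [timestamp] user action detail...
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\]\s+(?P<user>\S+)\s+(?P<action>\S+)\s*(?P<detail>.*)$'
)

# mod_dav_svn action names that modify the repository.
WRITE_ACTIONS = {"commit", "lock", "unlock", "change-rev-prop"}

# First line is quoted from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
[19/Aug/2013:00:46:32 +0000] - checkout-or-export / r1 depth=infinity
[19/Aug/2013:15:02:10 +0000] alice update /trunk r1 depth=infinity
[19/Aug/2013:15:04:41 +0000] - get-dir /trunk r1 text
[19/Aug/2013:15:09:03 +0000] alice commit r2
this line is not in the expected format
""".splitlines()


def parse_line(line):
    """Split one log line into its fields, or return None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def anonymous_actions(lines):
    """Return entries whose user field is '-' (no authenticated user)."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and entry["user"] == "-":
            # Mark whether the unauthenticated action could change the repo.
            entry["writes"] = entry["action"] in WRITE_ACTIONS
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for e in anonymous_actions(SAMPLE_LOG):
        kind = "WRITE" if e["writes"] else "read"
        print(f'{e["ts"]}  anonymous {kind}: {e["action"]} {e["detail"]}')
```

Once authentication is enforced on the Location block, rerunning this over new log entries should return no hits.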

This is an archived mail posted to the Subversion Users mailing list.