[F8] Apache Mod_Security and SubVersion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




To make a really long story short  as possible, let's just say that I have
been able to setup Apache, the Mod_Security, SSL and SubVersion and
I  am able to access the subversion repository locally with the svn
commands and the web-browser, but not remotely.

The SSL certificates are installed in the /etc/httpd/conf directory and it
work via the browser and the svn commands in the shell. But doing this
remotely with a web-browser or the following svn command results in the
server certificate not being passed to the client at all.  It appears to show
some bogus certificate Issuer instead. as follows:

+  svn list https://svn.<domain>.com

Error validating server certificate for 'https://svn.<domain>.com:443':
- The certificate is not issued by a trusted authority. Use the  fingerprint to
    validate the certificate manually!
- The certificate hostname does not match.
Certificate information:
- Hostname: <hostname>.<domain>.com
- Valid: from Sun, 09 Dec 2007 01:13:54 GMT until Mon, 08 Dec 2008 01:13:54 GMT
- Issuer: SomeOrganizationalUnit, SomeOrganization, SomeCity, SomeState, --
- Fingerprint: 70:ab:9c:b3:97:a3:98:02:39:5e:59:b4:50:2c:07:bc:66:64:c4:c4
(R)eject, accept (t)emporarily or accept (p)ermanently? t
svn: PROPFIND request failed on '/'
svn: PROPFIND of '/': 405 Method Not Allowed (https://svn.<domain>.com)


Below is the mod_security audit log file showing the results:
=============================================================
/var/log/httpd/modsec_audit.log:
Note: Client: 10.1.0.11. Server: 10.1.0.143
=============================================================
--5b7f8e6b-A--
[08/Feb/2008:16:13:55 --0800] lRvlFwoBAI8AACDvh3wAAAAB 10.1.0.11 2006 10.1.0.143 443
--5b7f8e6b-B--
PROPFIND / HTTP/1.1
Host: svn.<domain>.com
User-Agent: SVN/1.4.5 (r25188) neon/0.26.4
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Content-Length: 300
Content-Type: text/xml
Depth: 0
Accept-Encoding: gzip, gzip

--5b7f8e6b-C--
<?xml version="1.0" encoding="utf-8"?>
<propfind xmlns="DAV:">
<prop>
<version-controlled-configuration xmlns="DAV:"/><resourcetype xmlns="DAV:"/>
<baseline-relative-path xmlns="http://subversion.tigris.org/xmlns/dav/"/>
<repository-uuid xmlns="http://subversion.tigris.org/xmlns/dav/"/>
</prop>
</propfind>
--5b7f8e6b-F--
HTTP/1.1 405 Method Not Allowed
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

--5b7f8e6b-H--
Message: Access allowed (phase 2). Pattern match "^(PROPFIND|PROPPATCH)$" at
    REQUEST_METHOD. [id "1"] [msg "SVN request, allow it."]
Stopwatch: 1202516035101975 51173 (1957* 2642 -)
Producer: ModSecurity v2.1.3 (Apache 2.x)
Server: Apache/2.2.6 (Fedora)

--5b7f8e6b-Z--
=============================================================

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux