No takers?
Anyone have a working "<Location (...)>" directive under HTTPS?
Thanks for you time!
--
Nick Withers
email: nick@xxxxxxxxxxxxxxx
Web: http://www.nickwithers.com
Mobile: +61 414 397 446
On Fri, 3 Mar 2006 15:09:22 +1100
Nick Withers <nick@xxxxxxxxxxxxxxx> wrote:
> G'day all,
>
> I'm going quickly insane attempting to set up a Subversion
> ("http://subversion.tigris.org";) repository to be accessed
> through the Apache HTTPD over HTTPS and was hoping you lovely
> campers would be able to offer me some help...
>
> Here's the story (as I understand it):
> - I'm running Apache HTTPD 2.2.0 with the prefork MPM under
> FreeBSD 6.0-RELEASE
> - I have to use a "<Location (...)>" directive to instruct
> the HTTPD to pass requests for "https://www.nickwithers.com/svn/
> (...)" through mod_dav
> - Whilst I can get the thing to work without dramas over
> HTTP, the "<Location (...)>" directive appears to be silently
> ignored over HTTPS - Requests for
> "https://nickwithers.com/svn/downtime";, for instance, produce
> the output "client denied by server
> configuration: /usr/local/www/data/svn" in the configured error
> log
> - I can access other data over HTTPS (i.e.: My SquirrelMail
> installation)
>
> Here's a (vaguely) sanitised version of my "httpd.conf":
> _____
>
> ServerRoot "/usr/local"
>
> Listen 80
>
> LoadModule authn_file_module libexec/apache22/mod_authn_file.so
> LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
> LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
> LoadModule authn_default_module
> libexec/apache22/mod_authn_default.so LoadModule
> authz_host_module libexec/apache22/mod_authz_host.so LoadModule
> authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
> LoadModule authz_user_module libexec/apache22/mod_authz_user.so
> LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
> LoadModule authz_owner_module
> libexec/apache22/mod_authz_owner.so LoadModule
> authz_default_module libexec/apache22/mod_authz_default.so
> LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
> LoadModule auth_digest_module
> libexec/apache22/mod_auth_digest.so LoadModule
> file_cache_module libexec/apache22/mod_file_cache.so LoadModule
> cache_module libexec/apache22/mod_cache.so LoadModule
> disk_cache_module libexec/apache22/mod_disk_cache.so LoadModule
> include_module libexec/apache22/mod_include.so LoadModule
> filter_module libexec/apache22/mod_filter.so LoadModule
> charset_lite_module libexec/apache22/mod_charset_lite.so
> LoadModule deflate_module libexec/apache22/mod_deflate.so
> LoadModule log_config_module libexec/apache22/mod_log_config.so
> LoadModule logio_module libexec/apache22/mod_logio.so
> LoadModule env_module libexec/apache22/mod_env.so LoadModule
> mime_magic_module libexec/apache22/mod_mime_magic.so LoadModule
> cern_meta_module libexec/apache22/mod_cern_meta.so LoadModule
> expires_module libexec/apache22/mod_expires.so LoadModule
> headers_module libexec/apache22/mod_headers.so LoadModule
> usertrack_module libexec/apache22/mod_usertrack.so LoadModule
> unique_id_module libexec/apache22/mod_unique_id.so LoadModule
> setenvif_module libexec/apache22/mod_setenvif.so LoadModule
> proxy_module libexec/apache22/mod_proxy.so LoadModule
> proxy_connect_module libexec/apache22/mod_proxy_connect.so
> LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so
> LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
> LoadModule proxy_ajp_module libexec/apache22/mod_proxy_ajp.so
> LoadModule proxy_balancer_module
> libexec/apache22/mod_proxy_balancer.so LoadModule ssl_module
> libexec/apache22/mod_ssl.so LoadModule mime_module
> libexec/apache22/mod_mime.so LoadModule dav_module
> libexec/apache22/mod_dav.so LoadModule dav_svn_module
> libexec/apache22/mod_dav_svn.so LoadModule status_module
> libexec/apache22/mod_status.so LoadModule autoindex_module
> libexec/apache22/mod_autoindex.so LoadModule asis_module
> libexec/apache22/mod_asis.so LoadModule info_module
> libexec/apache22/mod_info.so LoadModule cgi_module
> libexec/apache22/mod_cgi.so LoadModule dav_fs_module
> libexec/apache22/mod_dav_fs.so LoadModule vhost_alias_module
> libexec/apache22/mod_vhost_alias.so LoadModule
> negotiation_module libexec/apache22/mod_negotiation.so
> LoadModule dir_module libexec/apache22/mod_dir.so LoadModule
> imagemap_module libexec/apache22/mod_imagemap.so LoadModule
> actions_module libexec/apache22/mod_actions.so LoadModule
> speling_module libexec/apache22/mod_speling.so LoadModule
> userdir_module libexec/apache22/mod_userdir.so LoadModule
> alias_module libexec/apache22/mod_alias.so LoadModule
> rewrite_module libexec/apache22/mod_rewrite.so LoadModule
> php4_module libexec/apache22/libphp4.so LoadModule
> authz_svn_module libexec/apache22/mod_authz_svn.so
>
> <IfModule !mpm_winnt_module>
> <IfModule !mpm_netware_module>
> User www
> Group www
> </IfModule>
> </IfModule>
>
> ServerAdmin www@xxxxxxxxxxxxxxx
>
> DocumentRoot "/usr/local/www/data"
>
> <Directory />
> AllowOverride None
> Order deny,allow
> Deny from all
> </Directory>
>
> <IfModule dir_module>
> DirectoryIndex index.html index.php
> </IfModule>
>
> <FilesMatch "^\.ht">
> Order allow,deny
> Deny from all
> </FilesMatch>
>
> ErrorLog /var/log/httpd-error.log
>
> LogLevel warn
>
> <IfModule log_config_module>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%
> {User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b"
> common
>
> <IfModule logio_module>
> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%
> {User-Agent}i\" %I %O" combinedio </IfModule>
>
> CustomLog /var/log/httpd-access.log combined
> </IfModule>
>
> <IfModule alias_module>
> ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"
> </IfModule>
>
> <Directory "/usr/local/www/cgi-bin">
> AllowOverride None
> Options None
> Order allow,deny
> Allow from all
> </Directory>
>
> DefaultType text/plain
>
> <IfModule mime_module>
> TypesConfig etc/apache22/mime.types
> AddType application/x-compress .Z
> AddType application/x-gzip .gz .tgz
> AddType application/x-httpd-php .php
> AddType application/x-httpd-php-source .phps
> </IfModule>
>
> <IfModule ssl_module>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> Include etc/apache22/httpd-ssl.conf
> </IfModule>
>
> ServerTokens Prod
> ServerSignature Off
>
> NameVirtualHost *:80
>
> <Directory /usr/local/www/data/nickwithers.com>
> Order allow,deny
> Allow from all
> </Directory>
>
> <Directory /usr/local/www/svn>
> Order allow,deny
> Allow from all
> AuthType Basic
> AuthName "Subversion repository"
> AuthUserFile /etc/svn/auth-user
> Require valid-user
> </Directory>
>
> <Location /svn>
> DAV svn
> SVNParentPath /usr/local/www/svn
> AuthzSVNAccessFile /etc/svn/http-access-policy
> AuthType Basic
> AuthName "Subversion repository"
> AuthUserFile /etc/svn/auth-user
> Require valid-user
> </Location>
>
> <VirtualHost *:80>
> ServerName nickwithers.com
> ServerAlias nickwithers.com www.nickwithers.com
> DocumentRoot /usr/local/www/data/nickwithers.com
> CustomLog /var/log/httpd-nickwithers.com-access.log combined
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName nickwithers.net
> ServerAlias nickwithers.net www.nickwithers.net
> DocumentRoot /usr/local/www/data/nickwithers.com
> CustomLog /var/log/httpd-nickwithers.net-access.log combined
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName nickwithers.org
> ServerAlias nickwithers.org www.nickwithers.org
> DocumentRoot /usr/local/www/data/nickwithers.com
> CustomLog /var/log/httpd-nickwithers.org-access.log combined
> </VirtualHost>
>
> # (More unrelated directories and VirtualHosts, including several
> # that are proxied off to other internal servers through
> # mod_proxy)
>
> Include etc/apache22/Includes/*.conf
> _____
>
> ...And the "httpd-ssl.conf":
> _____
>
> Listen 443
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLPassPhraseDialog builtin
>
> SSLSessionCache shmcb:/var/run/ssl_scache(512000)
> SSLSessionCacheTimeout 300
>
> SSLMutex file:/var/run/ssl_mutex
>
> <VirtualHost _default_:443>
>
> DocumentRoot "/usr/local/www/data"
> ServerName nickwithers.com:443
> ServerAdmin www@xxxxxxxxxxxxxxx
> ErrorLog /var/log/httpd-error.log
> TransferLog /var/log/httpd-access.log
>
> SSLEngine on
> SSLCipherSuite HIGH:MEDIUM
> SSLCertificateFile (PATH)/server.crt
> SSLCertificateKeyFile (PATH)/server.key
>
> <FilesMatch "\.(cgi|shtml|phtml|php)$">
> SSLOptions +StdEnvVars
> </FilesMatch>
> <Directory "/usr/local/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
>
> BrowserMatch ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd-ssl_request.log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
> Alias /squirrelmail "/usr/local/www/squirrelmail"
>
> <Directory /usr/local/www/squirrelmail>
> SSLRequireSSL
> AllowOverride None
> Options ExecCGI
> Order allow,deny
> Allow from all
> </Directory>
>
> </VirtualHost>
> _____
>
> I've tried whacking the "<Location (...)>" directive in the
> "<VirtualHost _default_:443>" section of the "httpd-ssl.conf"
> file too, to no avail...
>
> Any ideas? It's bound to be me doing something daft! I'm
> thinking all this VirtualHost stuff might be biting me somehow.
>
> Thanks!
>
> --
> Nick Withers
> email: nick@xxxxxxxxxxxxxxx
> Web: http://www.nickwithers.com
> Mobile: +61 414 397 446
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|