On Mon, Jan 19, 2009 at 11:41 PM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote: > Craig Huffstetler wrote: >> Krist is correct - you need to make sure Subversion a Virtual Host. >> I'm including a few instructions as I'm sure you're all set on >> Subversion and Apache. If you're still having problems let us know. > > Hello Craig and Krist, > > Thanks for your guidance. Craig, the points you have mentioned here are > already done from my side when configuring the svn with https:// and it > had no problem to work with https://. If some one still use http:// it > denied the HTTP protocol which was exactly what I need. > > But the problem is to separate internet from LAN I added the following > in my .htaccess in htdocs. It ask for authentication when accessed from > internet but not from LAN > > ~~~~~~~~~~~~~~~~~~~~~~~~ > AuthType Basic > AuthName "protected place" > AuthUserFile /home/SVN/PASSWD > Require valid-user > Order allow,deny > Allow from 192.168.1.0/24 > Satisfy any > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > After adding this config the svn allow http access too !!! and I want to > deny http for svn. > > Krist, I already have the vhost for svn. here is the vhost config for > svn once again > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~` > <Location /repos> > DAV svn > > AuthType Basic > AuthName "Authorization Realm" > AuthUserFile /home/SVN/PASSWD > Require valid-user > SVNParentPath /home/SVN > > #### Limit write permission to list of valid users. > <LimitExcept GET PROPFIND OPTIONS REPORT> > # # Require SSL connection for password protection. > SSLRequireSSL > > AuthType Basic > AuthName "Authorization Realm" > AuthUserFile /home/SVN/PASSWD > Require valid-user > </LimitExcept> > </Location> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > Please suggest what to do ? > Thanks once again Let's start with the obvious question first: how are you trying to access SVN outside the LAN? You've configured your repos location to only require SSL for certain methods, and GET is not one of them. So if your only issue is that you're able to browser your repos online without SSL, then you need to get rid of the LimitExcept tag, and move the SSLRequireSSL into the top level of the <Location /repos> tag. If that's not the issue (i.e., if you are also able to perform other methods without SSL), try adding "Satisfy All" inside you <Location /repos> tag (and possibly inside the LimitExcept tag). There is a "Satisfy Any" in your htdocs config file which I assume is getting inherited here, that could be causing you problems. Another note, the <Location> tag alone doesn't create a vhost, you need to explicitly set that up if you want one. However, I'm going to politely disagree with the previous comments: you don't /need/ to make svn a separate vhost for it to work. Properly configured, you can use the SSLRequireSSL directive to make sure it is only accessed via HTTPS, without it being it's own Virtual Host. Somewhat off topic, it sounds like your primary server configuration is in a .htaccess file under your DocumentRoot (htdocs). Is that right? That can cause serious performance degradation because it's going to have to searhc for and parse this file for every request. The "preferred" way is to use an httpd.conf file which only get's parsed once when the server starts. The .htaccess files should generally be limited to just a few cases where things need to be overridden. Even that isn't always necessary because Directory overrides can be used in httpd.conf. The only real use I can think of for .htacess files is for virtual hosts whose owners don't have access to the httpd.conf file. Any of that help? -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|