On Wed, Jan 21, 2009 at 1:07 AM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote: > Brian Mearns wrote: >> >> Let's start with the obvious question first: how are you trying to >> access SVN outside the LAN? You've configured your repos location to >> only require SSL for certain methods, and GET is not one of them. So >> if your only issue is that you're able to browser your repos online >> without SSL, then you need to get rid of the LimitExcept tag, and move >> the SSLRequireSSL into the top level of the <Location /repos> tag. >> >> If that's not the issue (i.e., if you are also able to perform other >> methods without SSL), try adding "Satisfy All" inside you <Location >> /repos> tag (and possibly inside the LimitExcept tag). There is a >> "Satisfy Any" in your htdocs config file which I assume is getting >> inherited here, that could be causing you problems. >> >> Another note, the <Location> tag alone doesn't create a vhost, you >> need to explicitly set that up if you want one. However, I'm going to >> politely disagree with the previous comments: you don't /need/ to make >> svn a separate vhost for it to work. Properly configured, you can use >> the SSLRequireSSL directive to make sure it is only accessed via >> HTTPS, without it being it's own Virtual Host. >> >> Somewhat off topic, it sounds like your primary server configuration >> is in a .htaccess file under your DocumentRoot (htdocs). Is that >> right? That can cause serious performance degradation because it's >> going to have to searhc for and parse this file for every request. The >> "preferred" way is to use an httpd.conf file which only get's parsed >> once when the server starts. The .htaccess files should generally be >> limited to just a few cases where things need to be overridden. Even >> that isn't always necessary because Directory overrides can be used in >> httpd.conf. The only real use I can think of for .htacess files is for >> virtual hosts whose owners don't have access to the httpd.conf file. >> >> Any of that help? >> -Brian >> >> > > Hello Brain, > > Thanks a lot for this in-depth know how. > > You are right as I don't like to allow browsing svn repos through HTTP. > Your other assumption is also right that the .htaccess is somehow > inherited. But .htaccess does not contain the primary server > configuration. It is only demarcating the LAN from the Internet. I don't > mind though if svn is accessable through http inside the LAN but the > important point is even from the internet it is also accessable through > HTTP. That's why I am looking a way so that I force the svn to allow > only HTTPS. I have also placed the SSLRequireSSL inside <Location > /repos> part but it had no effect i.e. still an internet user can access > it through HTTP. > Sorry if this is a duplicate message, I got a bounce the first time I tried: Did you try the Satisdy All directive in the <Location /repos>? -Brian -- Feel free to contact me using PGP Encryption: Key Id: 0x3AA70848 Available from: http://pgp.mit.edu/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|