Brian Mearns wrote: > On Wed, Jan 21, 2009 at 1:07 AM, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote: > >> Brian Mearns wrote: >> >>> Let's start with the obvious question first: how are you trying to >>> access SVN outside the LAN? You've configured your repos location to >>> only require SSL for certain methods, and GET is not one of them. So >>> if your only issue is that you're able to browser your repos online >>> without SSL, then you need to get rid of the LimitExcept tag, and move >>> the SSLRequireSSL into the top level of the <Location /repos> tag. >>> >>> If that's not the issue (i.e., if you are also able to perform other >>> methods without SSL), try adding "Satisfy All" inside you <Location >>> /repos> tag (and possibly inside the LimitExcept tag). There is a >>> "Satisfy Any" in your htdocs config file which I assume is getting >>> inherited here, that could be causing you problems. >>> >>> Another note, the <Location> tag alone doesn't create a vhost, you >>> need to explicitly set that up if you want one. However, I'm going to >>> politely disagree with the previous comments: you don't /need/ to make >>> svn a separate vhost for it to work. Properly configured, you can use >>> the SSLRequireSSL directive to make sure it is only accessed via >>> HTTPS, without it being it's own Virtual Host. >>> >>> Somewhat off topic, it sounds like your primary server configuration >>> is in a .htaccess file under your DocumentRoot (htdocs). Is that >>> right? That can cause serious performance degradation because it's >>> going to have to searhc for and parse this file for every request. The >>> "preferred" way is to use an httpd.conf file which only get's parsed >>> once when the server starts. The .htaccess files should generally be >>> limited to just a few cases where things need to be overridden. Even >>> that isn't always necessary because Directory overrides can be used in >>> httpd.conf. The only real use I can think of for .htacess files is for >>> virtual hosts whose owners don't have access to the httpd.conf file. >>> >>> Any of that help? >>> -Brian >>> >>> >>> >> Hello Brain, >> >> Thanks a lot for this in-depth know how. >> >> You are right as I don't like to allow browsing svn repos through HTTP. >> Your other assumption is also right that the .htaccess is somehow >> inherited. But .htaccess does not contain the primary server >> configuration. It is only demarcating the LAN from the Internet. I don't >> mind though if svn is accessable through http inside the LAN but the >> important point is even from the internet it is also accessable through >> HTTP. That's why I am looking a way so that I force the svn to allow >> only HTTPS. I have also placed the SSLRequireSSL inside <Location >> /repos> part but it had no effect i.e. still an internet user can access >> it through HTTP. >> >> > Did you try the "Satisfy All" directive in that Location? > > No, there is no "Satisfy All" inside <Location /repos> --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|