Protecting Apache directories
Guest user (read-only permissions) is 'user1', admin user (read-write permissions) is 'user2'. Both are defined in davsvn.passwd file, but only user2 is defined in davsvn.group, ie
dav_svn.group
admin:user2
[httpd.conf]
<virtualhost *:443=""><location svn="">DAV svn
SVNPath /path/to/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
AuthGroupFile /etc/apache2/dav_svn.group
Require valid-user
<limitexcept get="" propfind="" options="" report="">Require group admin</limitexcept></location></virtualhost>
Although attempts to acces the repo is greeted with the login box for both users, both users can commit changes to the repo, and the Apache access.log shows PUT, MERGE, CHECKOUT, DELETE, PROPPATCH, MKACTIVITY, etc entries for user1, who should not be able to do any of those things.
I tried putting 'Require valid-user' in a
It looks like the LimitExcept block is not taking effect, but I can't see where I might have mis-configured it. Any help appreciated.