View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Protecting Apache directories
Log in to Ask a Question

Protecting Apache directories

development

I'm trying to protect a subversion repository, requiring a username/password to browse the repo, and requiring the user to be a member of the admin group to file any changes.

Guest user (read-only permissions) is 'user1', admin user (read-write permissions) is 'user2'. Both are defined in davsvn.passwd file, but only user2 is defined in davsvn.group, ie

dav_svn.group

admin:user2

[httpd.conf]

 <virtualhost *:443=""><location svn="">DAV svn
    SVNPath /path/to/svn
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /etc/apache2/dav_svn.passwd
    AuthGroupFile /etc/apache2/dav_svn.group
    Require valid-user

    <limitexcept get="" propfind="" options="" report="">Require group admin</limitexcept></location></virtualhost>

Although attempts to acces the repo is greeted with the login box for both users, both users can commit changes to the repo, and the Apache access.log shows PUT, MERGE, CHECKOUT, DELETE, PROPPATCH, MKACTIVITY, etc entries for user1, who should not be able to do any of those things.

I tried putting 'Require valid-user' in a block, but it didn't help.

It looks like the LimitExcept block is not taking effect, but I can't see where I might have mis-configured it. Any help appreciated.

0 Replies

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct