subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Dalquist <eric.dalqu...@doit.wisc.edu>
Subject Re: read-only repository view
Date Thu, 25 Mar 2010 02:23:45 GMT
That was my concern as well and the following did work without prompting 
for a password. I did realize though that we had a path that was not 
supposed to be publicly readable. In playing with how to deal with that 
I found the following works as well. You get 403s for write operations 
and read operations on paths that are not read *. You also never get 
prompted for authentication information.

<Location /svn>
         DAV svn
         SVNPath /jasig/svn/jasig

         AuthzSVNAccessFile /jasig/svn/svn-read-only-authZ
</Location>

The authZ file looks like:

# Grant a global 'read' to all users, including anon.
[/]
* = r

# Restrict 'read/write' on infrastructure to infrastructure group only
[/infrastructure]
* =


On 3/23/10 3:58 PM, Konstantin Kolinko wrote:
> 2010/3/23 Eric Dalquist<eric.dalquist@doit.wisc.edu>:
>    
>> We would like to have a version of our SVN repository available read-only
>> over HTTP.
>>      
> I have not tried, but I think you can do the following:
>
> ...
> <LimitExcept GET PROPFIND OPTIONS REPORT>
>        Order Deny,Allow
>       Deny from all
> </LimitExcept>
>
>
> If you are providing access both by HTTP and HTTPS it might be a bad
> idea to even ask for credentials on HTTP, because if Basic auth is
> used the credentials are transmitted in plain text.
>
> Probably there are also another ways to limit allowed verbs to the
> above four, e.g. using SetEnvIf. That configuration snippet is just
> what came to mind.
>
> Best regards,
> Konstantin Kolinko
>    


Mime
View raw message