Hopefully this is a quick one.
I am setting up a new SVN Repository. It's a brand new CentOS 6.4 server installed with the "Basic Server" option, and then I installed the subversion and mod_authz and some ldap packages.
My SVN home directory is /var/www/svn/, and my repository is called "mystuff", so the actual repository files are available at /var/www/svn/mystuff
on.conf is below:
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
AuthName "Please login with your LDAP account details"
AuthLDAPURL "(REDACTED)" NONE
Require ldap-group (REDACTED)
When I go to http://xxx.xxx.xxx.xxx/repos/mystuff
I successfully am prompted for authentication, and then I see the SVN repository.
HOWEVER, if I go to http://xxx.xxx.xxx.xxx/mystuff
I am presented with the raw repository database files in the /var/www/svn/mystuff ! Without authentication!
I'm totally stumped. I never specified anywhere in my config that this should be the case, I don't understand why I can access the repository files directly like that. And I'm sure it's a security issue.
Anybody know what's going on?