Frosty555
asked on
SVN repository files are accessible in Apache for some reason...
Hopefully this is a quick one.
I am setting up a new SVN Repository. It's a brand new CentOS 6.4 server installed with the "Basic Server" option, and then I installed the subversion and mod_authz and some ldap packages.
My SVN home directory is /var/www/svn/, and my repository is called "mystuff", so the actual repository files are available at /var/www/svn/mystuff
My /etc/httpd/conf.d/subversi on.conf is below:
When I go to http://xxx.xxx.xxx.xxx/repos/mystuff I successfully am prompted for authentication, and then I see the SVN repository.
HOWEVER, if I go to http://xxx.xxx.xxx.xxx/mystuff I am presented with the raw repository database files in the /var/www/svn/mystuff ! Without authentication!
I'm totally stumped. I never specified anywhere in my config that this should be the case, I don't understand why I can access the repository files directly like that. And I'm sure it's a security issue.
Anybody know what's going on?
-Gordon
I am setting up a new SVN Repository. It's a brand new CentOS 6.4 server installed with the "Basic Server" option, and then I installed the subversion and mod_authz and some ldap packages.
My SVN home directory is /var/www/svn/, and my repository is called "mystuff", so the actual repository files are available at /var/www/svn/mystuff
My /etc/httpd/conf.d/subversi
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /repos>
DAV svn
SVNParentPath /var/www/svn
AuthType Basic
AuthName "Please login with your LDAP account details"
AuthBasicProvider ldap
AuthLDAPURL "(REDACTED)" NONE
AuthLDAPBindDN "(REDACTED)"
AuthLDAPBindPassword "(REDACTED)"
Require ldap-group (REDACTED)
</Location>
When I go to http://xxx.xxx.xxx.xxx/repos/mystuff I successfully am prompted for authentication, and then I see the SVN repository.
HOWEVER, if I go to http://xxx.xxx.xxx.xxx/mystuff I am presented with the raw repository database files in the /var/www/svn/mystuff ! Without authentication!
I'm totally stumped. I never specified anywhere in my config that this should be the case, I don't understand why I can access the repository files directly like that. And I'm sure it's a security issue.
Anybody know what's going on?
-Gordon
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER