Solved

SVN repository files are accessible in Apache for some reason...

Posted on 2013-11-05
2
411 Views
Last Modified: 2013-11-05
Hopefully this is a quick one.

I am setting up a new SVN Repository.  It's a brand new CentOS 6.4 server installed with the "Basic Server" option, and then I installed the subversion and mod_authz and some ldap packages.

My SVN home directory is /var/www/svn/, and my repository is called "mystuff", so the actual repository files are available at /var/www/svn/mystuff

My /etc/httpd/conf.d/subversion.conf is below:

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

<Location /repos>
   DAV svn
   SVNParentPath /var/www/svn

   AuthType Basic
   AuthName "Please login with your LDAP account details"
   AuthBasicProvider ldap
   AuthLDAPURL "(REDACTED)" NONE
   AuthLDAPBindDN "(REDACTED)"
   AuthLDAPBindPassword "(REDACTED)"
   Require ldap-group (REDACTED)
</Location>

Open in new window


When I go to http://xxx.xxx.xxx.xxx/repos/mystuff I successfully am prompted for authentication, and then I see the SVN repository.

Accessing the repository works as expected
HOWEVER, if I go to http://xxx.xxx.xxx.xxx/mystuff I am presented with the raw repository database files in the /var/www/svn/mystuff ! Without authentication!

Accidental access to the repository files

I'm totally stumped. I never specified anywhere in my config that this should be the case, I don't understand why I can access the repository files directly like that. And I'm sure it's a security issue.

Anybody know what's going on?

-Gordon
0
Comment
Question by:Frosty555
  • 2
2 Comments
 
LVL 31

Accepted Solution

by:
Frosty555 earned 0 total points
ID: 39625208
Okay I was just stupid...

In a previous failed attempt, I accidentally called "svnadmin create" and make an empty SVN repository called "mystuff" in the /var/www/html/ folder.

It's amazing how just writing out the question and posting it here helped me come to the answer. Rubber duck debugging, huh?
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 39625212
see comments above
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now