?
Solved

SVN repository files are accessible in Apache for some reason...

Posted on 2013-11-05
2
Medium Priority
?
417 Views
Last Modified: 2013-11-05
Hopefully this is a quick one.

I am setting up a new SVN Repository.  It's a brand new CentOS 6.4 server installed with the "Basic Server" option, and then I installed the subversion and mod_authz and some ldap packages.

My SVN home directory is /var/www/svn/, and my repository is called "mystuff", so the actual repository files are available at /var/www/svn/mystuff

My /etc/httpd/conf.d/subversion.conf is below:

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

<Location /repos>
   DAV svn
   SVNParentPath /var/www/svn

   AuthType Basic
   AuthName "Please login with your LDAP account details"
   AuthBasicProvider ldap
   AuthLDAPURL "(REDACTED)" NONE
   AuthLDAPBindDN "(REDACTED)"
   AuthLDAPBindPassword "(REDACTED)"
   Require ldap-group (REDACTED)
</Location>

Open in new window


When I go to http://xxx.xxx.xxx.xxx/repos/mystuff I successfully am prompted for authentication, and then I see the SVN repository.

Accessing the repository works as expected
HOWEVER, if I go to http://xxx.xxx.xxx.xxx/mystuff I am presented with the raw repository database files in the /var/www/svn/mystuff ! Without authentication!

Accidental access to the repository files

I'm totally stumped. I never specified anywhere in my config that this should be the case, I don't understand why I can access the repository files directly like that. And I'm sure it's a security issue.

Anybody know what's going on?

-Gordon
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 31

Accepted Solution

by:
Frosty555 earned 0 total points
ID: 39625208
Okay I was just stupid...

In a previous failed attempt, I accidentally called "svnadmin create" and make an empty SVN repository called "mystuff" in the /var/www/html/ folder.

It's amazing how just writing out the question and posting it here helped me come to the answer. Rubber duck debugging, huh?
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 39625212
see comments above
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month12 days, 7 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question