Allow SVN anonymous read access from localhost

StackOverflow https://stackoverflow.com/questions/9263723

Frage

I have an SVN repository that is configured to use Basic authentication through Apache httpd to limit access to specified users. To support a continuous integration server (and other read-only services) running on the same server I would like to allow anonymous read access from localhost.

After going some research (i.e. Googling) I came up with trying the following Apache configuration:

<Location /svn>
   DAV svn
   SVNParentPath /var/svn

   AuthType Basic
   AuthName "SVN"
   AuthBasicProvider external
   AuthExternal pwauth

   #Only allow specified users to login to SVN
   require user UID1
   require user UID2
   require user UID3

   #Allow anonymous reads from localhost
   <LimitExcept GET PROPFIND OPTIONS REPORT>
      Order allow,deny
      Allow from 127.0.0.1
   </LimitExcept>
</Location>

When I try to do an anonymous checkout from the local server I still get prompted for a password (in this case for the root user).

Any thoughts or suggestions as to what I might be doing wrong or how I should properly configure things to allow this?

My original attempt at configuring anonymous read access is based off of the information on this page.

War es hilfreich?

Lösung 4

I was never able to find a solution that would allow anonymous read access from localhost only and require authentication for both read and write from any remote system.

Ultimately I created a username/password for the application needing to authenticate.

This wasn't the ideal solution... but it should work fine.

Andere Tipps

  Satisfy Any
  require valid-user

work for me nicely (can checkout, can't commit)

Edit

My block, with relevant and irrelevant parts

<Location /svn/>
  DAV svn

  SVNListParentPath on
  SVNParentPath "D:/Repositories/"
  SVNIndexXSLT "/svnindex.xsl"

  SVNPathAuthz short_circuit

  SVNCacheTextDeltas off
  SVNCacheFullTexts off

  AuthName "VisualSVN Server"
  AuthType Basic
  AuthBasicProvider file
  AuthUserFile "D:/Repositories/htpasswd"
  AuthzSVNAccessFile "D:/Repositories/authz"

  Satisfy Any
  require valid-user

  # Add Expires/Cache-Control header explictly
  ExpiresActive on
  ExpiresDefault access
</Location>

if I skip Satisfy Any, I have to authenticate any request

I think you're after Satisfy Any at the bottom of your Location block, which allows access if any of the Allow and Require directives match (as opposed to the default, which requires them all to match).

Documentation is here.

i dont think this is going to work the "require user" directive is active for the whole location block.

my first thought was to put the "require user" inside the limit block, this won't work because the limit block is active regardless from which ip you are requesting the data.

make a second directory called svn-localhost, map your svn root there a second time with only the limit block present.

Even I was not able to solve the anonymous access problem.

But instead of creating a new read only user, I got the integration (with redmine) to work by using the file based url. So instead of referring to http url (which require authentication), I am using file:///. This does not require authentication.

If you have multiple Require lines that by default it is RequireAny - only one rule needs to pass. So you can do it like this

   Require user UID1 UID2 UID3

   #Allow anonymous reads from localhost
   <LimitExcept GET PROPFIND OPTIONS REPORT>
     Require ip 127.0.0.1
   </LimitExcept>
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top