httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Bakshi" <joyd...@infoservices.in>
Subject Re: [users@httpd] A critical .htaccess problem
Date Thu, 22 Jan 2009 04:19:33 GMT
Brian Mearns wrote:
> On Wed, Jan 21, 2009 at 1:07 AM, J. Bakshi <joydeep@infoservices.in> wrote:
>   
>> Brian Mearns wrote:
>>     
>>> Let's start with the obvious question first: how are you trying to
>>> access SVN outside the LAN? You've configured your repos location to
>>> only require SSL for certain methods, and GET is not one of them. So
>>> if your only issue is that you're able to browser your repos online
>>> without SSL, then you need to get rid of the LimitExcept tag, and move
>>> the SSLRequireSSL into the top level of the <Location /repos> tag.
>>>
>>> If that's not the issue (i.e., if you are also able to perform other
>>> methods without SSL), try adding "Satisfy All" inside you <Location
>>> /repos> tag (and possibly inside the LimitExcept tag). There is a
>>> "Satisfy Any" in your htdocs config file which I assume is getting
>>> inherited here, that could be causing you problems.
>>>
>>> Another note, the <Location> tag alone doesn't create a vhost, you
>>> need to explicitly set that up if you want one. However, I'm going to
>>> politely disagree with the previous comments: you don't /need/ to make
>>> svn a separate vhost for it to work. Properly configured, you can use
>>> the SSLRequireSSL directive to make sure it is only accessed via
>>> HTTPS, without it being it's own Virtual Host.
>>>
>>> Somewhat off topic, it sounds like your primary server configuration
>>> is in a .htaccess file under your DocumentRoot (htdocs). Is that
>>> right? That can cause serious performance degradation because it's
>>> going to have to searhc for and parse this file for every request. The
>>> "preferred" way is to use an httpd.conf file which only get's parsed
>>> once when the server starts. The .htaccess files should generally be
>>> limited to just a few cases where things need to be overridden. Even
>>> that isn't always necessary because Directory overrides can be used in
>>> httpd.conf. The only real use I can think of for .htacess files is for
>>> virtual hosts whose owners don't have access to the httpd.conf file.
>>>
>>> Any of that help?
>>> -Brian
>>>
>>>
>>>       
>> Hello Brain,
>>
>> Thanks a lot for this in-depth know how.
>>
>> You are right as I don't like to allow browsing svn repos through HTTP.
>> Your other assumption is also right that the .htaccess is somehow
>> inherited. But .htaccess does not contain the primary server
>> configuration. It is only demarcating the LAN from the Internet. I don't
>> mind though if svn is accessable through http inside the LAN but the
>> important point is even from the internet it is also accessable through
>> HTTP. That's why I am looking a way so that I force the svn to allow
>> only HTTPS. I have also placed the SSLRequireSSL inside <Location
>> /repos> part but it had no effect i.e. still an internet user can access
>> it through HTTP.
>>
>>     
> Did you try the "Satisfy All" directive in that Location?
>
>   

No, there is no "Satisfy All" inside <Location /repos>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message