httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rog7...@web.de
Subject Re: [users@httpd] overlapping <Location>-Sections
Date Thu, 25 Mar 2010 16:02:05 GMT
On Tue, Mar 23, 2010 at 12:38:43PM -0400, Eric Covener wrote:
> On Tue, Mar 23, 2010 at 12:33 PM,  <rog7993@web.de> wrote:
> >>> <Location "/websvn">
> >>>   WebSVN stuff
> >>> </Location>
> >>>
> >>> <LocationMatch "/(?!websvn)">
> >>>   subversion stuff
> >>> </LocationMatch>

Possibly this configuration does not work because of a bug in Apache,
mod_dav or mod_dav_svn in the handling of "complex" regular expressions
within <LocationMatch> directives. I found this five years old bug
description:

  https://issues.apache.org/bugzilla/show_bug.cgi?id=35077

I don't know whether this was fixed in newer Apache versions in the
meantime. But this bug is still open.

> Going back to OP, what part of the outter location did you think was
> bleeding in? Did you just need to reset to satisfy all?

No. Mainly I want to deactivate "DAV". I didn't posted it until now.
But this configuration doesn't work, too:

<Location />
    # Subversion stuff
    DAV svn
    ...
</Location>

<Location /websvn>
    # WebSVN stuff
    DAV off
    ...
</Location>

I found an other solution. Requests to WebSVN (/websvn) will be handled
directly by the SSL-VirtualHost, all other requests (subversion
repositories) will be proxied to another VirtualHost. See above. But I'm
not happy with this solution, because it reduces the subversion
performance significantly.

<VirtualHost *:80>
    ServerName svnserv01....
    ServerAlias localhost

    RequestHeader edit Destination ^https http early

    LogLevel Warn

    <Location />
        DAV svn
        SVNParentPath /home/subversion/repos

        AuthzSVNAccessFile svn-access-file

        SSLRequireSSL

        AuthType Basic
        AuthBasicProvider ldap
        AuthName "Subversion repository (LDAP password)"
        AuthLDAPUrl ...

        # try anonymous access first, resort to real
        # authentication if necessary.
        Satisfy Any
        Require valid-user
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName svnserv01...
    DocumentRoot /var/www/svnserv01/htdocs

    Alias /websvn-2.3.0/ /opt/websvn-2.3.0/

    RewriteEngine On

    RewriteCond   %{REQUEST_URI}  !^/websvn.*
    RewriteRule   (.*)   http://localhost$1 [P]

    LogLevel warn

    SSLEngine On
    SSLCertificateFile ...
    SSLCertificateKeyFile ...
    SSLCACertificateFile ...

    <Directory /var/www/svnserv01/htdocs>
         Options Multiviews SymLinksIfOwnerMatch

         Order allow,deny
         Allow from all
    </Directory>

    <Directory /opt/websvn-2.3.0/templates>
         Order allow,deny
         Allow from all
    </Directory>

    <Location "/websvn">
        Order allow,deny
        Allow from all

        SSLRequireSSL

        AuthType Basic
        AuthBasicProvider ldap
        AuthName "Subversion repository (LDAP password)"
        AuthLDAPUrl ...
        AuthzLDAPAuthoritative off

        # try anonymous access first, resort to real
        # authentication if necessary.
        #Satisfy Any
        Require valid-user
    </Location>

    <Location />
        Order allow,deny
        Allow from all
    </Location>

</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message