subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Terry Dooher <>
Subject Authentication of sync user on write-through proxy.
Date Thu, 13 Jun 2013 08:45:47 GMT
Hi all,

I've set up a write-through proxy for one of our studios and I'm getting Access Denied errors
when the post-commit hook executes, or when running the sync command manually from the master.

I'm using apache 2.2/mod_dav_svn 1.7.7 on Debian 6.0. The apache config for vhost ""
is as follows:

  # Primary configuration for local user access.
  <Location />
    Order allow,deny
    Allow from all

    DAV svn
    SVNPath "/var/svn-slave/repo"

    AuthType Basic
    AuthName "Test Repository (SLAVE)"
    AuthUserFile "/etc/apache2/auth/htpass"
    AuthzSVNAccessFile "/etc/apache2/auth/perms"
    Require valid-user

  # Sync access.
  <Location /repo-proxy-sync>
    DAV svn
    SVNPath "/var/svn-slave/repo"

    Order deny,allow
    # Allow connections from server VLAN only.
    Allow from

    AuthType Basic
    AuthName "Test Repository (SLAVE)"
    AuthUserFile "/etc/apache2/auth/sync-htpass"
    Require user syncuser

When executing the following from the master server 

	svnsync sync --non-interactive --no-auth-cache --sync-username syncuser \
	--sync-password <pass> file:///var/svn/repo

I get: 

	svnsync: E175013: Unable to connect to a repository at URL ''
	svnsync: E175013: Access to '' forbidden

And this in the slave error log:

[Thu Jun 13 01:02:01 2013] [error] [client] Access denied: 'syncuser' OPTIONS

So it's 403ing; I think because it can't find 'syncuser' in /etc/apache2/auth/htpass. The
problem only occurs when I have the Primary configured at the URI root <Location />.
If I set them up on separate adjacent paths, it works; but according to the apache docs, I
_should_ be able to override settings in nested Locations. (cf:

Is there a way I can get around this? I could change the Location directives, but I'd prefer
the slave URIs to mirror the master URIs (and changing those would impact a lot of automated



View raw message