SVN over HTTP and mod_security
Reindl Harald
h.reindl at thelounge.net
Sat Sep 10 01:58:19 UTC 2011
Am 10.09.2011 03:47, schrieb Craig White:
> nada - don't use mod_security, know absolutely nothing about it.
>
> I was going to suggest that you check and see if apache foundation has a
> mail list for mod_security because you would get better answers there as
> it appears no one on Fedora Users is actually using the SVN /
> mod_security combo and that's really what you need
i use both mod for subversion modsec is disabled
since you have to disable most rules and svn usually is password
proctected i see no sense activate modsec here without pain
<IfModule mod_dav.c>
<VirtualHost *>
DocumentRoot /Volumes/dune/www-servers/contentlounge/updateservice/subversion
ServerName svn.rhsoft.net
ServerAlias svn.test.rh svn svn.vm.test.rh
Options +Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable SuppressHTMLPreamble FoldersFirst
<Directory /Volumes/dune/www-servers/contentlounge/updateservice/subversion>
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
Order Deny,Allow
Allow From All
</Limit>
</Directory>
<Location />
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
DAV svn
SVNPath /Volumes/dune/www-servers/contentlounge/updateservice/subversion/
SVNListParentPath On
AuthType Basic
AuthName "Versionsverwaltung"
AuthUserFile /etc/httpd/conf/svn_passwd
AuthzSVNAccessFile /etc/httpd/conf/svn_access
Require valid-user
Satisfy all
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</Limit>
</Location>
</VirtualHost>
</IfModule>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20110910/66bde3f5/attachment.bin
More information about the users
mailing list