subversion: enforce TLS

Question

I am running subversion on a Debian Squeeze system with Apache2 and mod_dav for viewing the contents with a webbrowser.

I want to enforce the usage of TLS, so that the login data and the SVN contents cannot be read from the connection.

I have tried following:

<Location /svn>
   DAV svn
   SVNParentPath /daten/subversion/

   # our access control policy
   AuthzSVNAccessFile /daten/subversion/access_control

   # try anonymous access first, resort to real
   # authentication if necessary.
   Satisfy Any
   Require valid-user

   # how to authenticate a user
   AuthType Basic
   AuthName "Subversion repository"
   AuthUserFile /daten/subversion/.htpasswd

   # Test
   SSLRequireSSL

   RewriteEngine On
   RewriteCond %{SERVER_PORT} !443
   RewriteRule ^svn/(.)$ https://www.viathinksoft.de/svn/$1 [R,L]
</Location>

at file /etc/apache2/conf.d/subversion.conf

Alas, this does not work. There is no redirect and there is still a HTTP request working at /svn/(projectname)/(somefolder) .

This SSL-enforce-policy should work for - viewing the contents with webbrowser - retrieve contents with TurtoiseSVN client - committing contents with TurtoiseSVN client

Can you please help me?

Regards Daniel Marschall

score 2 · Accepted Answer · answered Mar 20 '11 at 02:41

2

You need to have a separate VirtualHost for SSL. The non-ssl VirtualHost should only have the rewrite, not Dav or any of the other stuff (but you don't need to wrap it in a <Location> block).

Move the <Location> block (without the rewrite) entirely into the SSL VirtualHost.

answered Mar 20 '11 at 02:41

bahamat

6,263
24
28

Thanks. This worked. :-) Important is also to not forget the ServerName attribute resp. adding the location to the VirtualHost of the existing "htdocs" 443 VirtualHost. – Daniel Marschall Mar 20 '11 at 16:31

subversion: enforce TLS

1 Answers1