You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Chris Alexander <ch...@azimuthinc.com> on 2007/03/01 13:48:24 UTC
SVN HTTP Policy
Hello,
I recently installed svn over apache2 and am setting up the policy in
dav_svn.conf.
Basically, I want developers on our local LAN free access over standard
HTTP without the need for a username and password. But outside our LAN
I want them to login via a username and password over HTTPS for all
functions (Read, Checkout, Commit, etc). I want it to point to the same
repository ether way.
Is there a way to first check the IP of the client then if it's not
parts of the "trusted IPs" then ask for user authentication?
Thanks,
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: SVN HTTP Policy
Posted by Ryan Schmidt <su...@ryandesign.com>.
On Mar 1, 2007, at 07:48, Chris Alexander wrote:
> I recently installed svn over apache2 and am setting up the policy
> in dav_svn.conf.
>
> Basically, I want developers on our local LAN free access over
> standard HTTP without the need for a username and password. But
> outside our LAN I want them to login via a username and password
> over HTTPS for all functions (Read, Checkout, Commit, etc). I want
> it to point to the same repository ether way.
>
> Is there a way to first check the IP of the client then if it's not
> parts of the "trusted IPs" then ask for user authentication?
This is more of an Apache question than a Subversion question, but
yes, that should be possible. That is to say, I have done this on our
general intranet web site (unrelated to Subversion). See the Apache
docs:
From http://httpd.apache.org/docs/2.2/mod/core.html#satisfy :
> For example, if you wanted to let people on your network have
> unrestricted access to a portion of your website, but require that
> people outside of your network provide a password, you could use a
> configuration similar to the following:
>
> Require valid-user
> Allow from 192.168.1
> Satisfy Any
Now, note that if people on your local network commit changes to the
repository, the revision will have an empty svn:author property.
That's probably not what you want. So if your local network access is
for read-only operations only, then that's fine, but if you want
local people to be committing changes, then you probably do not want
to do this, and you should enforce a username/password everywhere.
--
To reply to the mailing list, please use your mailer's Reply To All
function
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org