You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Phil Lawrence <pr...@Lehigh.EDU> on 2005/06/06 17:17:40 UTC
read only access by hostname?
Can anyone suggest how I might force access to be anonymous/read only
when coming from a particular hostname? I don't want anyone able to
check IN code from our production server, only read.
Currently my apache conf looks like this:
<Location />
DAV svn
SVNPath /var/svn
### our access control policy
Order Deny,Allow
Deny from all
AuthzSVNAccessFile /etc/svn-access-file
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user
# how to authenticate a user
AuthType Basic
AuthName "AD Lookup"
AuthLDAPURL ldap://...
</Location>
If I can't do it with one virtual host, perhaps I could run a 2nd,
read-only service that only allows traffic from the production server.
Then deny all traffic from that same server with the normal svn virtual
host?
Phil
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: read only access by hostname?
Posted by Charles Bailey <ba...@gmail.com>.
On 6/6/05, Phil Lawrence <pr...@lehigh.edu> wrote:
> Can anyone suggest how I might force access to be anonymous/read only
> when coming from a particular hostname? I don't want anyone able to
> check IN code from our production server, only read.
>
> Currently my apache conf looks like this:
>
> <Location />
> DAV svn
> SVNPath /var/svn
>
> ### our access control policy
> Order Deny,Allow
> Deny from all
> AuthzSVNAccessFile /etc/svn-access-file
>
> # try anonymous access first, resort to real
> # authentication if necessary.
> Satisfy Any
> Require valid-user
>
> # how to authenticate a user
> AuthType Basic
> AuthName "AD Lookup"
> AuthLDAPURL ldap://...
Could you try something like (untested)
<LimitExcept GET CONNECT PROPFIND OPTIONS>
Order Allow,Deny
Deny from production.server
</LimitExcept>
> </Location>
--
Regards,
Charles Bailey
Lists: bailey _dot_ charles _at_ gmail _dot_ com
Other: bailey _at_ newman _dot_ upenn _dot_ edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org