You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Phil Lawrence <pr...@Lehigh.EDU> on 2005/06/06 17:17:40 UTC

read only access by hostname?

Can anyone suggest how I might force access to be anonymous/read only 
when coming from a particular hostname?  I don't want anyone able to 
check IN code from our production server, only read.

Currently my apache conf looks like this:

<Location />
   DAV svn
   SVNPath /var/svn

   ### our access control policy
   Order Deny,Allow
   Deny from all
   AuthzSVNAccessFile /etc/svn-access-file

   # try anonymous access first, resort to real
   # authentication if necessary.
   Satisfy Any
   Require valid-user

   # how to authenticate a user
   AuthType Basic
   AuthName "AD Lookup"
   AuthLDAPURL ldap://...
</Location>

If I can't do it with one virtual host, perhaps I could run a 2nd, 
read-only service that only allows traffic from the production server. 
Then deny all traffic from that same server with the normal svn virtual 
host?

Phil

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: read only access by hostname?

Posted by Charles Bailey <ba...@gmail.com>.

On 6/6/05, Phil Lawrence <pr...@lehigh.edu> wrote:
> Can anyone suggest how I might force access to be anonymous/read only
> when coming from a particular hostname?  I don't want anyone able to
> check IN code from our production server, only read.
> 
> Currently my apache conf looks like this:
> 
> <Location />
>    DAV svn
>    SVNPath /var/svn
> 
>    ### our access control policy
>    Order Deny,Allow
>    Deny from all
>    AuthzSVNAccessFile /etc/svn-access-file
> 
>    # try anonymous access first, resort to real
>    # authentication if necessary.
>    Satisfy Any
>    Require valid-user
> 
>    # how to authenticate a user
>    AuthType Basic
>    AuthName "AD Lookup"
>    AuthLDAPURL ldap://...

Could you try something like (untested)

    <LimitExcept GET CONNECT PROPFIND OPTIONS>
         Order Allow,Deny
          Deny from production.server
    </LimitExcept>

> </Location>

-- 
Regards,
Charles Bailey
Lists: bailey _dot_ charles _at_ gmail _dot_ com
Other: bailey _at_ newman _dot_ upenn _dot_ edu

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org