Problem committing 1.8 client to 1.8 server

[Robert Middleton <os...@gmail.com>]

I'm having problems committing from my 1.8.X client to a 1.8.3 server.
When I try to commit, I get the following error:

svn: E175013: Commit failed (details follow):
svn: E175013: POST of '/svn/!svn/me': 403 Forbidden (<url>)

I've checked with both 1.8.1 and 1.8.3.

The Apache logs show the following:

[Mon Sep 16 16:08:17 2013] [error] [client <ipaddr>] ModSecurity: Access
denied with code 403 (phase 2).  Operator EQ matched 0 at REQUEST_HEADERS.
[file "/opt/mod_security/10_asl_rules.conf"] [line "64"] [id "390616"] [rev
"2"] [msg "POST request must have a Content-Length header"] [severity
"WARNING"] [hostname <hostname>] [uri "/svn/!svn/me"] [unique_id <id>]

I am able to commit perfectly fine with 1.6.17, so it doesn't seem that
there is a configuration issue, but I don't know for certain.  Is this a
configuration issue or a bug?

-Robert Middleton

Re: Problem committing 1.8 client to 1.8 server

[Robert Middleton <os...@gmail.com>]

Ah, that makes sense now.  Apache is recent(2.2.25), but the server is
using cpanel, and the configuration for that looks like it's by default
pretty locked down.  I'll go update that.  Thanks!

-Robert Middleton


On Mon, Sep 16, 2013 at 10:17 PM, Ben Reser <be...@reser.org> wrote:

> On Mon Sep 16 17:37:20 2013, Ben Reser wrote:
> > This looks like your mod_security configuration doesn't know about
> > chunked encoding for requests.  1.8.x now prefers to use chunked
> > encoding in requests.  I'm not sure what you need to change to
> > configure mod_security to allow chunked requests but that's what you'll
> > probably want to do.
>
> Based on this it looks like you're running an out of date version of
> mod_security:
>
> http://serverfault.com/questions/65733/why-does-modsecurity-require-content-length-in-post-requests
>

Re: Problem committing 1.8 client to 1.8 server

[Ben Reser <be...@reser.org>]

On Mon Sep 16 17:37:20 2013, Ben Reser wrote:
> This looks like your mod_security configuration doesn't know about
> chunked encoding for requests.  1.8.x now prefers to use chunked
> encoding in requests.  I'm not sure what you need to change to
> configure mod_security to allow chunked requests but that's what you'll
> probably want to do.

Based on this it looks like you're running an out of date version of 
mod_security:
http://serverfault.com/questions/65733/why-does-modsecurity-require-content-length-in-post-requests

Re: Problem committing 1.8 client to 1.8 server

[Ben Reser <be...@reser.org>]

On Mon Sep 16 14:19:54 2013, Robert Middleton wrote:
> [Mon Sep 16 16:08:17 2013] [error] [client <ipaddr>] ModSecurity: Access
> denied with code 403 (phase 2).  Operator EQ matched 0 at REQUEST_HEADERS.
> [file "/opt/mod_security/10_asl_rules.conf"] [line "64"] [id "390616"] [rev
> "2"] [msg "POST request must have a Content-Length header"] [severity
> "WARNING"] [hostname <hostname>] [uri "/svn/!svn/me"] [unique_id <id>]

This looks like your mod_security configuration doesn't know about 
chunked encoding for requests.  1.8.x now prefers to use chunked 
encoding in requests.  I'm not sure what you need to change to 
configure mod_security to allow chunked requests but that's what you'll 
probably want to do.

1.8.1 also added an option to change this behavior on the client side 
if changing the above isn't an option.  Setting the 
http-chunked-requests setting to no should disable chunked requests and 
restore the behavior that pre-1.8.x clients had with their requests.  
However, I would recommend that you fix the server since there are 
advantages to using chunked requests (e.g. we don't have to buffer 
requests to calculate the size before starting to send the request).

This section in our Release Notes should be helpful to you:
http://subversion.apache.org/docs/release-notes/1.8.html#411-length-required