You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Julie Voce <ju...@outlook.com> on 2020/10/29 09:41:46 UTC

using mod rewrite


I have mod_dav and authz_svn set up and working fine.  A virtual host exists as below.

I have a set of documents that I want to move to a top level.  Clients are set up only to use the subdirectories, i.e. set up as svn co https://svn.compnay.com/config.  One group of users is using svn+ssh and I want to move them to https to leverage better access control.  I also want to move their files in /config/compliance to /compliance.  I cannot do this at once as it will disrupt their access.  for the time being I want to move them to https://svn.company/config/compliance but set them up as https://svn.company.com/complaince and within apache redirect https://svn.company.com/config/complaince to https://svn.company.com/compliance.  Then when the time is right svn move the config/compliance to compliance and add a <Location> section in apache to replace the re-write rules and the user will carry on almost oblibious to the change.  However I cannot get the re-write rules to work with SVN -Dav.  The commented out re-write rules end with a https::/svn.company.com/compliance does not exist and using Re-write rules in a <Location> section is not recommended by apache.

Can any one suggest how I can achieve the mapping of config/compliance -> compliance?

regards



<VirtualHost *:80>

        LogLevel debug

        RequestHeader edit Destination ^https: http: early

        PassEnv DENV

        SetEnv SERVICENAME subversion

        ServerName subversion

        DocumentRoot /mnt/svn/

        CustomLog "|/usr/sbin/rotatelogs -l /var/log/service/subversion_access_log.%Y-%m-%d 86400" common

        ErrorLog "|/usr/sbin/rotatelogs -l /var/log/service/subversion_log.%Y-%m-%d 86400"

#       SVNAllowBulkUpdates Off

#       RewriteEngine On

#       RewriteRule "^/compliance/(.*)" /config/compliance/$1 [PT,L]

#       RewriteRule "^/compliance$" "/config/compliance" [PT,L]

        LogLevel alert rewrite:trace5 core:trace5 authz_svn:trace5 dav_svn:trace5 authnz_ldap_module:trace5 auth_gssapi_module:trace5


<Location "/">

        DAV svn

        SVNPath /mnt/svn/company

        AuthType GSSAPI

        AuthName "Enterprise Subversion Repositories"

    <RequireAll>

        # as we Require on the root this applies to all

        # paths below it.

        Require valid-user

    </RequireAll>

        GssapiBasicAuth On

        GssapiCredStore keytab:/etc/httpd/subversion.keytab

        GssapiNegotiateOnce On

        GssapiSignalPersistentAuth On

        GssapiLocalName on

        GssapiUseSessions On

        Session On

        SessionCookieName krb5_session path=/;httponly;secure;

</Location>


<LocationMatch "/config">

        AuthType GSSAPI

        GssapiCredStore keytab:/etc/httpd/subversion.keytab

        GssapiNegotiateOnce On

        GssapiSignalPersistentAuth On

        GssapiLocalName on

        GssapiUseSessions On

        Session On

        SessionCookieName krb5_session path=/;httponly;secure;

    <RequireAll>

           Require ldap-group-config

           Require valid-user

    </RequireAll>

</LocationMatch>


</Location>

</VirtualHost>


<