Being that you will be using WebDAV, I'd recommend you look at the AuthzSVNAccessFile directive and control the access you want that way.
Here is what mine looks like: <Location /svn> DAV svn SVNPath /var/svn AuthzSVNAccessFile /var/svn/svnaccess.conf Require Valid-User AuthType Basic AuthName "Code Repository" AuthUserFile /var/svn/passwd </Location> HTH. YMMV. Regards, Dana On Mon, Aug 19, 2013 at 9:07 AM, Scott Frankel <fran...@circlesfx.com>wrote: > > Hi all, > > I'm new to SVN server configuration and find myself setting up a CentOS > 6.4 server with svn version 1.6.1, following the red-bean book. > > I'm having difficulty with authorization &/or authentication: my repo > appears to be accessible by anyone in spite of requiring "valid-user" and > specifying digest authentication. I believe this because 1) I can download > a full working copy of the repo to a 3rd-party logged into a foreign > computer, and 2) I have dozens of entries in apache's logfiles, like these > from this morning, *prior* to any known/legitimate access to my repos today: > > svn_logfile: > [19/Aug/2013:00:46:32 +0000] - checkout-or-export / r1 depth=infinity > > access_log > 93.174.93.213 - - [19/Aug/2013:07:23:50 +0000] "GET > /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 319 "-" "ZmEu" > > error_log > [Mon Aug 19 07:23:51 2013] [error] [client 93.174.93.213] File does not > exist: /var/www/html/MyAdmin > > > This doesn't look good at all. My Location directive follows below. The > /etc/svn-auth.htdigest exists and appears to be valid. My goal is to setup > the repo, serve it via Apache, provide access to only a small number of > people that I approve, use cmd-line svn and do so securely. > > This is my first brush with Apache, OpenSSL, and general server config. > Thanks in advance for your suggestions! BTW, I'm not subscribed and would > appreciate being cc'd on any replies. > Scott > > > > <Location /svn> > DAV svn > SVNParentPath /var/svn > > # Authentication: Digest > AuthName "Subversion repository" > AuthType Digest > AuthUserFile /etc/svn-auth.htdigest > > # Authorization: Authenticated users only > Require valid-user > </Location> > > > > -- Regards, Dana Epp Microsoft Security MVP