允许从本地主机进行 SVN 匿名读取访问
我有一个 SVN 存储库,配置为通过 Apache httpd 使用基本身份验证来限制对指定用户的访问。为了支持在同一服务器上运行的持续集成服务器(和其他只读服务),我希望允许从本地主机进行匿名读取访问。
经过一些研究(即谷歌搜索)后,我尝试了以下 Apache 配置:
<Location /svn>
DAV svn
SVNParentPath /var/svn
AuthType Basic
AuthName "SVN"
AuthBasicProvider external
AuthExternal pwauth
#Only allow specified users to login to SVN
require user UID1
require user UID2
require user UID3
#Allow anonymous reads from localhost
<LimitExcept GET PROPFIND OPTIONS REPORT>
Order allow,deny
Allow from 127.0.0.1
</LimitExcept>
</Location>
当我尝试从本地服务器进行匿名结帐时,我仍然会收到输入密码的提示(在本例中为 root 用户)。
关于我可能做错了什么或者我应该如何正确配置以允许这样做的任何想法或建议?
我最初尝试配置匿名读取访问权限是基于此页面上的信息。
I have an SVN repository that is configured to use Basic authentication through Apache httpd to limit access to specified users. To support a continuous integration server (and other read-only services) running on the same server I would like to allow anonymous read access from localhost.
After going some research (i.e. Googling) I came up with trying the following Apache configuration:
<Location /svn>
DAV svn
SVNParentPath /var/svn
AuthType Basic
AuthName "SVN"
AuthBasicProvider external
AuthExternal pwauth
#Only allow specified users to login to SVN
require user UID1
require user UID2
require user UID3
#Allow anonymous reads from localhost
<LimitExcept GET PROPFIND OPTIONS REPORT>
Order allow,deny
Allow from 127.0.0.1
</LimitExcept>
</Location>
When I try to do an anonymous checkout from the local server I still get prompted for a password (in this case for the root user).
Any thoughts or suggestions as to what I might be doing wrong or how I should properly configure things to allow this?
My original attempt at configuring anonymous read access is based off of the information on this page.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
很好地为我工作(可以签出,无法提交)
编辑
我的块,包含相关和不相关的部分,
如果我跳过
满足任何,我必须验证任何请求work for me nicely (can checkout, can't commit)
Edit
My block, with relevant and irrelevant parts
if I skip
Satisfy Any, I have to authenticate any request如果您有多个
Require行,默认情况下它是 RequireAny - 只需要通过一个规则。所以你可以这样做If you have multiple
Requirelines that by default it is RequireAny - only one rule needs to pass. So you can do it like this我认为您正在寻找
Location块底部的Satisfy Any,如果Allow 的任何,则允许访问code> 和Require指令匹配(与默认值相反,默认值要求它们全部匹配)。文档位于此处。
I think you're after
Satisfy Anyat the bottom of yourLocationblock, which allows access if any of theAllowandRequiredirectives match (as opposed to the default, which requires them all to match).Documentation is here.
我认为这行不通
“需要用户”指令对于整个位置块都是有效的。
我的第一个想法是将“需要用户”放在限制块内,这不会起作用,因为无论您从哪个 IP 请求数据,限制块都是活动的。
创建第二个名为 svn-localhost 的目录,再次将 svn 根目录映射到那里,只存在限制块。
i dont think this is going to work
the "require user" directive is active for the whole location block.
my first thought was to put the "require user" inside the limit block, this won't work because the limit block is active regardless from which ip you are requesting the data.
make a second directory called svn-localhost, map your svn root there a second time with only the limit block present.
我始终无法找到一种解决方案,该解决方案仅允许从本地主机进行匿名读取访问,并且需要对任何远程系统的读取和写入进行身份验证。
最终,我为需要身份验证的应用程序创建了一个用户名/密码。
这不是理想的解决方案...但它应该工作正常。
I was never able to find a solution that would allow anonymous read access from localhost only and require authentication for both read and write from any remote system.
Ultimately I created a username/password for the application needing to authenticate.
This wasn't the ideal solution... but it should work fine.
即使我也无法解决匿名访问问题。
但我没有创建新的只读用户,而是通过使用基于文件的 url 进行集成(与 redmine)。因此,我没有使用 http url(需要身份验证),而是使用 file:///。这不需要身份验证。
Even I was not able to solve the anonymous access problem.
But instead of creating a new read only user, I got the integration (with redmine) to work by using the file based url. So instead of referring to http url (which require authentication), I am using file:///. This does not require authentication.