Home / server / Questions / 352546
Accepted
Gargravarr
Asked: 2012-01-23 14:19:46 +0800 CST

Apache SVN: Access to repository forbidden via client, HTTP is okay?

  • 772

SVN on my webserver seems to have broken after I made some changes. It's configured to be part of one HTTPS virtual host, not universally accessible. My SVN clients give the error 'access to (repo) forbidden,' but if I go through the web interface (SVNListParentPath is on), everything works properly, using the same URL. I can even access the files through the browser. When I use a client, I notice my Apache log indicates the client is trying to access '/var/www/mysite/svn', when my SVN repositories are located under '/home/svn'. I got a redirect page once, when troubleshooting using Elinks, so could this mean my server's using some kind of redirect that's failing for the SVN clients? The rest of the site works properly over SSL, it's just SVN that doesn't work. Thanks.

Here's my Apache config for this site:

#mydomain.co.uk
NameVirtualHost *:443
<VirtualHost *:80>
    ServerAdmin [email protected]
ServerName mydomain.co.uk
    DocumentRoot /var/www/mydomain
    <Directory />
            Options FollowSymLinks
            AllowOverride None
    </Directory>
    <Directory /var/www/mydomain>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
    </Directory>

<Directory /usr/share/ampache>
    RewriteEngine On
            RewriteCond %{HTTPS} off
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>

<Directory /var/www/mydomain/opendocman>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>

<Directory /var/www/mydomain/44kg>
            Options Indexes FollowSymLinks MultiViews
            Order deny,allow
            Deny from all
            Allow from 192.168.1
    </Directory>

<Directory /var/www/mydomain/69td>
    Options Indexes FollowSymLinks MultiViews
    Order deny,allow
    Deny from all
    Allow from 192.168.1 127.0.0.1 localhost
    SCGIHandler on
    SCGIServer 127.0.0.1:5000
</Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>

ErrorDocument 404 /fourohfour.html

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog /var/log/apache2/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>

<VirtualHost *:443>
ServerAdmin [email protected]
ServerName mydomain.co.uk
DocumentRoot /var/www/mydomain/
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/mydomain/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<Directory /var/www/mydomain/44kg>
    Order deny,allow
    Deny from all
</Directory>

<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath on
  AuthType Basic
  AuthName "Excalibur SVN Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd
  Require valid-user
</Location>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/QPR/qpr.pem
SSLCertificateKeyFile /etc/ssl/certs/QPR/ca.key
</VirtualHost>

#SquirrelMail
<VirtualHost *:443>
ServerName webmail.mydomain.co.uk
DocumentRoot /usr/share/squirrelmail
SSLEngine on
SSLCertificateFile /etc/ssl/certs/QPR/qpr.pem
SSLCertificateKeyFile /etc/ssl/certs/QPR/ca.key
</VirtualHost>

The last time things worked was before I added the webmail, but disabling it does not bring SVN back. I didn't get to actually see the redirect page - it gave me just enough time to spot it was a 302 redirect before it happened, and I haven't been able to reproduce it. Through a browser, all my repositories are available at https://mydomain.co.uk/svn/(repository), but the same URL in the clients just gives this error in both SVN CLI and Dreamweaver:

Pegasus:Uni Gargravarr$ svn update
svn: access to '/svn/Uni' forbidden
debian apache-2.2 svn virtualhost

1 Answers

  1. Best Answer

    Got it.
    I completely forgot I'd installed 'mod-evasive' into Apache recently. Disabling it brought SVN back up instantly. Turns out there's a known bug in Debian with mod-evasive and mod-dav-svn. Exactly as per this question here:

    Problems with apache svn server (403 Forbidden)
    Stupidly, I read this question before posting, too. Guess I skipped the end post.

    TL;DR: Mod-evasive and Apache2/SVN don't get along :)

    • 3