Ping a Specific Port

Question

Reto Höhener

Asked: 2017-04-10 19:07:47 +0800 CST2017-04-10 19:07:47 +0800 CST 2017-04-10 19:07:47 +0800 CST

How to grant access to "/.well-known" directory on SVN server (Apache 2.2)

772

I cannot figure out how to disable authentication for the .well-known directory.

Things behave as expected when I remove the SVN specific directives (DAV, SVNPath, AuthzSVNAccessFile).

<VirtualHost *:443>
  ServerName www.example.com
  DocumentRoot "C:/www.example.com"
  ServerAdmin [email protected]

  SSLEngine On
  SSLCertificateFile "C:/Apache2/conf/ssl/www.example.com.crt"
  SSLCertificateKeyFile "C:/Apache2/conf/ssl/www.example.com.key"

  <Location />
    DAV svn
    SVNPath "C:/svnrepo"
    SSLRequireSSL 

    AuthName "www.example.com"
    AuthType Basic
    AuthUserFile "conf/svn/svn-users.txt"
    AuthGroupFile "conf/svn/svn-groups.txt"
    AuthzSVNAccessFile "conf/svn/svn-access.txt"

    Require valid-user
  </Location> 

  <Location "/.well-known">    
    Satisfy Any
    Allow from all
    Require all granted
    # Apache 2.4 only
    #AuthType None
  </Location>
</VirtualHost>

Edit: It would also work if I didn't have overlapping paths. E.g. using /svn and /.well-known. Unfortunately that is not something I can change easily now.

3 Answers

Voted

Amit Vujic · Answer 1 · 2017-04-11T13:22:22+08:00

Amit Vujic

2017-04-11T13:22:22+08:002017-04-11T13:22:22+08:00

You can check apache Directory option. Bellow is a configuration example:

    <Directory /home/html/.well-known/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

3

Stephan Richter · Answer 2 · 2017-07-26T01:17:21+08:00

Stephan Richter

2017-07-26T01:17:21+08:002017-07-26T01:17:21+08:00

in your webroot, create a file .htaccess with the following content:

Options +Indexes

<IfModule mod_rewrite.c>
    RewriteRule "/\.|^\.(?!well-known/)" - [F]
</IfModule>

You need to enable ModRewrite for this to work.

2

Reto Höhener · Answer 3 · 2019-02-17T05:58:53+08:00

Reto Höhener

2019-02-17T05:58:53+08:002019-02-17T05:58:53+08:00

Just FYI: I eventually decided to bite the bullet and change the path to my svn repo to https://svn.domain.com/repo (instead of using the root).

After so many complications with various systems and frameworks, I decided to follow this pattern for pretty much all hosted applications, namely to always use

subdomain
application context path

e.g. https://subdomain.domain.com/context

This keeps all options open in the future for introducing load balancing, multiple applications below the same domain, multiple applications on the same server etc. And the configurations typically work because there will not be any overlapping paths.

Of course it was painful to switch the svn repo path in all clients.

2

How to grant access to "/.well-known" directory on SVN server (Apache 2.2)

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?