-   Linux - Security (
-   -   Apache2 access restriction in location (

ReefShark 01-22-2010 05:27 AM

Apache2 access restriction in location
I've got this in my Apache2 config (on a Ubuntu 9.10 server):

<VirtualHost _default_:443>
        DocumentRoot /srv/svn
      <Location /repos>
                DAV svn
                SVNParentPath /srv/svn
                Order Deny,Allow
                Deny from all
                # ALlow local host
                Allow from 172.23.120
                AuthType Basic
                AuthName "Knock Knock"
                AuthUserFile /srv/svn/.webdavpwd
                Require valid-user
                Satisfy All
        some ssl code, etc etc

When I comment out the "allow from" line, I have no access to this server at all, but when "Allow from 172.23.120" is activated, I can also access that location from other IP's (I can even access it from the internet).

What I really want is access limited to the IP's in "Allow from" because I don't want anyone accessing our subversion repo's from anywhere else.

I know I'm overlooking something very obvious, but perusing Apache2 documentation for 2 hours haven't helped me find it. :(

bathory 01-22-2010 06:33 AM


Remove or comment out the "Deny from all" directive and restart apache.

ReefShark 01-22-2010 08:38 AM

Did it, can still reach the server from all and any IP's I want, including those not specified in the "Allow from" directive.

bathory 01-22-2010 08:57 AM

Change the Order to:

Order Allow,Deny

ReefShark 01-22-2010 09:36 AM

Nope, no effect. Can still reach the location from the internet.

Is the fact that there is another <Location> webdav / svn directive in the same VirtualHost file (without any IP restrictions) any reason for this not to work?

bathory 01-22-2010 09:53 AM

Could be. The Location directive matches regexes, so it maybe bypasses your restriction because it matches something else.

You can put the directives needed for access restriction inside a .htaccess file in the directory you want to protect.

All times are GMT -5. The time now is 05:49 AM.