|

»

Apache HTTP Server

»

Apache HTTP Server - Users

[users@httpd] DAV access control

View: New views

6 Messages — Rating Filter: Alert me

	[users@httpd] DAV access control by Krish, Sailesh :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Hi, We are looking to setup SVN over apache, but it requires the use of DAV. There are apparently security concerns over the use of DAV over apache 2.2., in the sense that it would allow users to anonymously write content to apache, even outside of the context of SVN. Are there any workarounds to securely enable DAV and disallow anonymous writes etc… Pointers to relevant literature would be appreciated. Thanks
	[users@httpd] Re: DAV access control by LuKreme :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On 10-Nov-2009, at 08:00, skrishnamur1@... wrote: > We are looking to setup SVN over apache, but it requires the use of DAV. requires? I though SVN over DAV was a particular configuration option? > There are apparently security concerns over the use of DAV over apache 2.2., There are? > in the sense that it would allow users to anonymously write content to apache, even outside of the context of SVN. Er… no, I don't think so. -- NEXT TIME IT COULD BE ME ON THE SCAFFOLDING Bart chalkboard Ep. 2F12 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@...
	[users@httpd] AllowOverride by Pruniaux ghislain :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Some users on my apache server need to use RewriteEngine in there directory. They use .htaccess, but they say that does not work. I think i must change AllowOverride for their directory (default is none) , but i could not find the AllowOverride directive for the RewriteEngine (AuthConfig,FileInfo,Indexes,Limit,Options etc ..) Thanks On 11/10/2009 04:00 PM, skrishnamur1@... wrote: > Hi, > > We are looking to setup SVN over apache, but it requires the use of DAV. > There are apparently security concerns over the use of DAV over apache > 2.2., in the sense that it would allow users to anonymously write > content to apache, even outside of the context of SVN. Are there any > workarounds to securely enable DAV and disallow anonymous writes etc… > Pointers to relevant literature would be appreciated. > > Thanks > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@...
	Re: [users@httpd] AllowOverride by Eric Covener :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Tue, Nov 10, 2009 at 11:04 AM, Pruniaux Ghislain <ghislain.pruniaux@...> wrote: > Hi, > Some users on my apache server need to use RewriteEngine in there directory. > They use .htaccess, but they say that does not work. > I think i must change AllowOverride for their directory (default is none) , > but i could not find the AllowOverride directive for the RewriteEngine > (AuthConfig,FileInfo,Indexes,Limit,Options etc ..) Each directive lists the 'AllowOverride' that pertains to it: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule RewriteRule Directive Description: Defines rules for the rewriting engine Syntax: RewriteRule Pattern Substitution [flags] Context: server config, virtual host, directory, .htaccess Override: FileInfo ^^^^^ -- Eric Covener covener@... --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@...
	Re: [users@httpd] DAV access control by awarnier :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message skrishnamur1@... wrote: > Hi, > > We are looking to setup SVN over apache, but it requires the use of DAV. There are apparently security concerns over the use of DAV over apache 2.2., in the sense that it would allow users to anonymously write content to apache, even outside of the context of SVN. Are there any workarounds to securely enable DAV and disallow anonymous writes etc... Pointers to relevant literature would be appreciated. > There is nothing to stop you securing a <Location> handled by DAV, just like you would secure any other section of your webspace. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@...
	Re: [users@httpd] AllowOverride by Pruniaux ghislain :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Next time i will open my eyes Thanks a lot On 11/10/2009 05:13 PM, Eric Covener wrote: > On Tue, Nov 10, 2009 at 11:04 AM, Pruniaux Ghislain > <ghislain.pruniaux@...> wrote: >> Hi, >> Some users on my apache server need to use RewriteEngine in there directory. >> They use .htaccess, but they say that does not work. >> I think i must change AllowOverride for their directory (default is none) , >> but i could not find the AllowOverride directive for the RewriteEngine >> (AuthConfig,FileInfo,Indexes,Limit,Options etc ..) > > Each directive lists the 'AllowOverride' that pertains to it: > > http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriterule > RewriteRule Directive > Description: Defines rules for the rewriting engine > Syntax: RewriteRule Pattern Substitution [flags] > Context: server config, virtual host, directory, .htaccess > Override: FileInfo > ^^^^^ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@... " from the digest: users-digest-unsubscribe@... For additional commands, e-mail: users-help@...