overlapping <Location>-Sections
overlapping <Location>-Sections
am 23.03.2010 12:54:31 von rog7993
Hello,
I'm looking for a configuration that allows the combining of two
sections, which overlap. We have a running subversion server,
which is located at the root of the web server:
DAV svn
SVNParentPath /home/subversion/repos
AuthzSVNAccessFile svn-access-file
SSLRequireSSL
AuthType Basic
AuthBasicProvider ldap
AuthName "Subversion repository (LDAP password)"
AuthLDAPUrl ldap://....
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user
Now, I want to add the application WebSVN:
Order allow,deny
Allow from all
SSLRequireSSL
AuthType Basic
AuthBasicProvider ldap
AuthName "Subversion repository (LDAP password)"
AuthLDAPUrl ldap://....
AuthzLDAPAuthoritative off
# try anonymous access first, resort to real
# authentication if necessary.
#Satisfy Any
Require valid-user
Options Multiviews
Order allow,deny
Allow from all
Alias /websvn-2.3.0/ /opt/websvn-2.3.0/
Order allow,deny
Allow from all
If defining this in an own section, both is working. Now I
want to combine both in a single section. But the
section for Subversion is catching all requests. Is it
possible, to define an exception for the path /websvn?
Negation within the pattern of or seems to be
impossible (like ). As mod_rewrite does allow
this, I carried out some tests with it, but without success until now.
Is there a solution for my desired setup?
Ingo
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: overlapping <Location>-Sections
am 23.03.2010 13:34:15 von Eric Covener
> Negation within the pattern of or seems to be
> impossible (like ). As mod_rewrite does allow
> this, I carried out some tests with it, but without success until now.
you have to do the negation in PCRE -- see "negative lookahead"
--
Eric Covener
covener@gmail.com
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: overlapping <Location>-Sections
am 23.03.2010 17:00:05 von rog7993
Hello,
Am 23.03.2010 13:34, schrieb Eric Covener:
>> Negation within the pattern of or seems to be
>> impossible (like ).
>
> you have to do the negation in PCRE -- see "negative lookahead"
Do you mean something like this?
WebSVN stuff
subversion stuff
Unfortunately this does not work, too.
I did never use negative lookahead within regular expressions before.
Maybe I misunderstood the correct syntax. But I tested this pattern with
python and it seems to work there.
Ingo
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: overlapping <Location>-Sections
am 23.03.2010 17:03:08 von Eric Covener
On Tue, Mar 23, 2010 at 12:00 PM, wrote:
> Hello,
>
> Am 23.03.2010 13:34, schrieb Eric Covener:
>>> Negation within the pattern of or seems to b=
e
>>> impossible (like ).
>>
>> you have to do the negation in PCRE -- see "negative lookahead"
>
> Do you mean something like this?
>
>
> =A0 WebSVN stuff
>
>
>
> =A0 subversion stuff
>
>
I thought you only wanted one section, note the order of
precedence/evaluatuion in the manual for the different containers,
which I believe is the opposite of the order you listed them. If
they're totally independent, you could two exclusive LocationMatch
directives.
--=20
Eric Covener
covener@gmail.com
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: overlapping <Location>-Sections
am 23.03.2010 17:33:20 von rog7993
Am 23.03.2010 17:03, schrieb Eric Covener:
>>
>> WebSVN stuff
>>
>>
>>
>> subversion stuff
>>
> I thought you only wanted one section, note the order of
> precedence/evaluatuion in the manual for the different containers,
> which I believe is the opposite of the order you listed them. If
> they're totally independent, you could two exclusive LocationMatch
> directives.
As the regex patterns of these sections are disjunct, the
order of the sections should not matter. Nevertheless I tried changing
the order. The behavior is the same as before.
Ingo
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: overlapping <Location>-Sections
am 23.03.2010 17:38:43 von Eric Covener
On Tue, Mar 23, 2010 at 12:33 PM, wrote:
> Am 23.03.2010 17:03, schrieb Eric Covener:
>>>
>>> =A0 WebSVN stuff
>>>
>>>
>>>
>>> =A0 subversion stuff
>>>
>
>> I thought you only wanted one section, note the order of
>> precedence/evaluatuion in the manual for the different containers,
>> which I believe is the opposite of the order you listed them. =A0If
>> they're totally independent, you could two exclusive LocationMatch
>> directives.
>
> As the regex patterns of these sections are disjunct, the
> order of the sections should not matter. Nevertheless I tried changing
> the order. The behavior is the same as before.
>
Going back to OP, what part of the outter location did you think was
bleeding in? Did you just need to reset to satisfy all?
What's the current behavior and how does it differ from what you expect?
--=20
Eric Covener
covener@gmail.com
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: overlapping <Location>-Sections
am 25.03.2010 17:02:05 von rog7993
On Tue, Mar 23, 2010 at 12:38:43PM -0400, Eric Covener wrote:
> On Tue, Mar 23, 2010 at 12:33 PM, wrote:
> >>>
> >>> WebSVN stuff
> >>>
> >>>
> >>>
> >>> subversion stuff
> >>>
Possibly this configuration does not work because of a bug in Apache,
mod_dav or mod_dav_svn in the handling of "complex" regular expressions
within directives. I found this five years old bug
description:
https://issues.apache.org/bugzilla/show_bug.cgi?id=35077
I don't know whether this was fixed in newer Apache versions in the
meantime. But this bug is still open.
> Going back to OP, what part of the outter location did you think was
> bleeding in? Did you just need to reset to satisfy all?
No. Mainly I want to deactivate "DAV". I didn't posted it until now.
But this configuration doesn't work, too:
# Subversion stuff
DAV svn
...
# WebSVN stuff
DAV off
...
I found an other solution. Requests to WebSVN (/websvn) will be handled
directly by the SSL-VirtualHost, all other requests (subversion
repositories) will be proxied to another VirtualHost. See above. But I'm
not happy with this solution, because it reduces the subversion
performance significantly.
ServerName svnserv01....
ServerAlias localhost
RequestHeader edit Destination ^https http early
LogLevel Warn
DAV svn
SVNParentPath /home/subversion/repos
AuthzSVNAccessFile svn-access-file
SSLRequireSSL
AuthType Basic
AuthBasicProvider ldap
AuthName "Subversion repository (LDAP password)"
AuthLDAPUrl ...
# try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user
ServerName svnserv01...
DocumentRoot /var/www/svnserv01/htdocs
Alias /websvn-2.3.0/ /opt/websvn-2.3.0/
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/websvn.*
RewriteRule (.*) http://localhost$1 [P]
LogLevel warn
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLCACertificateFile ...
Options Multiviews SymLinksIfOwnerMatch
Order allow,deny
Allow from all
Order allow,deny
Allow from all
Order allow,deny
Allow from all
SSLRequireSSL
AuthType Basic
AuthBasicProvider ldap
AuthName "Subversion repository (LDAP password)"
AuthLDAPUrl ...
AuthzLDAPAuthoritative off
# try anonymous access first, resort to real
# authentication if necessary.
#Satisfy Any
Require valid-user
Order allow,deny
Allow from all
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org