Opened 10 years ago

Closed 10 years ago

#1 closed defect (fixed)

SVN should be limited to HTTPS access

Reported by: flip Owned by: flip
Priority: major Milestone:
Component: subversion Version:
Keywords: Cc:

Description (last modified by flip)

Currently our SVN setup permits access via 3 protocols: SVN, HTTP, and HTTPS. No one is using the first. There's no reason for us to prefer HTTP over HTTPS and I'd rather we all use HTTPS in order to minimize the risk of password exposure.

It looks like in order to require HTTPS (i.e. kill HTTP) would be to add SSLRequireSSL to the <Location /svn> section of /etc/httpd/conf.d/subversion.conf.

This email thread might help:
http://svn.haxx.se/users/archive-2004-03/0860.shtml

Disabling the SVN protocol would probably require editing /etc/xinetd.d/svnserve and setting disable=yes

Change History (3)

comment:1 Changed 10 years ago by flip

  • Component changed from component1 to subversion
  • Owner changed from somebody to flip
  • Status changed from new to assigned

comment:2 Changed 10 years ago by flip

  • Description modified (diff)

comment:3 Changed 10 years ago by flip

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed on new server scion

Note: See TracTickets for help on using tickets.