I’m trying to import a brand new top secret project into.
Okay, I’ve had my share of troubles with that set-up — it is behind an Apache Reverse Proxy, with a bit of perl hacking to support move operations accross SSL tunnels. (I’ll post about this soon, I’m sure it will interest someone).
So, I was trying to import my new project and BANG, it dies.
I first wonder the meaning of such foolery (foolery that has nothing to do with Tom, whatsoever) and then slap my forehead loudly.
I use shitty redirects for HTTP errors to display lovely custom error messages. SVN probably dislikes the redirect and displays it as the problem, hence, 302 found.
I comment that stuff out of httpd.conf, restart apache, and bam. There is the real error.
svn: PUT of '/svn/repos/!svn/wrk/xx/.htaccess': 403 Forbidden (https://www.underwares.org)
Well, shit. It seems to be explicitely rejecting files named “.htaccess”. I thought it might have been mod_security being too anal once again, but that would have returned a 406 (content unacceptable). I still disable mod_security, to no avail.
I run a simple test to confirm. I create a folder with four files:
So, we’ll see what happen. I try to import them into svn. I first start with “.pouet”, for kicks.
$ svn import . https://www.underwares.org/svn/repos/private/test Ajout .pouet Révision 275 propagée.
Well, that worked. So it’s not the dot. Next, “.htaccess”.
phobos$ svn import . https://www.underwares.org/svn/repos/private/test svn: PROPFIND request failed on '/svn/repos/private/test/.htaccess' svn: PROPFIND of '/svn/repos/private/test/.htaccess': 403 Forbidden (https://www.underwares.org) svn: Le message de propagation a été laissé dans un fichier temporaire : svn: 'svn-commit.2.tmp' phobos$
Well, that failed. “.htpasswd” fails as well, and to much of my surprise, “.htpouet” fails as well.
Then it hit me. The following regular expression flashed through my mind:
^.ht Damn it! The default httpd.conf has a directive that denies access to such files on a global level. A quick look at the file confirms:
<Files ~ "^\.ht"> Order allow,deny Deny from all Satisfy All </Files>
So here we go. I comment out that obnoxious directive, and move it inside the “Directory” directive of my vhost. I also add it to every single vhost on my server.
Some clever people are probably thinking, why didn’t you do something like this?
<Location /svn> <Files ~ "^\.ht"> Order allow,deny Allow from all Satisfy All </Files> </Location>
Well, you can’t have a Files directive nested inside a Location directive. You can, however, have one inside a Directory directive. So, now users can’t access .ht files through the web, which is good, and SVN can, which is good as well.
All of this was probably related to my sinister Reverse Proxy buisness. Don’t attempt such a set-up unless you like pain, kids.