Search

Calendar

<< August 2008 >>
Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

Archives By Subject

AJAX (2) [RSS]
Apache (4) [RSS]
Blog (5) [RSS]
CAPTCHA (1) [RSS]
CFEclipse (1) [RSS]
ColdFusion (36) [RSS]
Copyright (2) [RSS]
CVS (2) [RSS]
Databases (1) [RSS]
Dreamweaver (1) [RSS]
Eclipse (2) [RSS]
EZProxy (1) [RSS]
Facebook (4) [RSS]
Firefox (8) [RSS]
Flash (1) [RSS]
General (6) [RSS]
Google (12) [RSS]
graphics (1) [RSS]
ILLiad (0) [RSS]
Java (6) [RSS]
JavaScript (2) [RSS]
Just for fun (1) [RSS]
Linux (6) [RSS]
Lucene (4) [RSS]
modelglue (9) [RSS]
MXNA (1) [RSS]
Mycroft (2) [RSS]
OS X (1) [RSS]
PDF (1) [RSS]
Personal (1) [RSS]
Photos (1) [RSS]
PHP (1) [RSS]
Programming (5) [RSS]
Server (6) [RSS]
Solaris (2) [RSS]
Solr (5) [RSS]
Subversion (3) [RSS]
Web (11) [RSS]
Windows (1) [RSS]
XML (16) [RSS]
XSLT (1) [RSS]

Recent Entries

Recent Comments

Computer Graphics
Wayne Graham said: Cool! We didn't get much into L-Systems or motion (other than to see a few examples). We had to fit ... [More]

Computer Graphics
HabsQ said: We have similar experience ;) I also used to program in Java, but the CG course &quot;force&... [More]

Model-Glue Entities
Wayne Graham said: Abu, Which version of PHP are you using? I suspect its the culprit and not Linux (or XML)... [More]

Rotten Luck
Wayne Graham said: @ Cameron I know...my wife kept rubbing it in that she had told me to take everything as carry on. ... [More]

Model-Glue Entities
abu said: hi to all I have some problem in xml entities used in php project....some xml unicode entities a... [More]

RSS


Subscribe

Enter your email address to subscribe to this blog.

Subversion with mod_security

Posted At : March 6, 2007 4:35 PM
Related Categories: Apache,Server,Subversion

I ran into a bit of an issue while setting up a new subversion server today. On that box we're running mod_security on all vhosts to add another layer of security to our web apps. I got everything configured with the the security, but when I was testing, I kept getting 403 errors when I attempted to get the files in anything other than a web browser.

After scratching my head for a while, I looked at the Apache logs, and noticed that mod_rewrite was causing the issue with lines like this:

[Tue Mar 06 13:46:46 2007] [error] [client xxx.xxx.xxx.xxx] mod_security: Access denied with code 403. Pattern match "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)" at HEADER("Content-Type") [severity "EMERGENCY"] [hostname "svn.example.com"] [uri "/test"]

I stumbled on Charl van Niekerk's entry on this. One of the comments suggested that the following is the bare minimum to run mod_security on a vhost running subversion:

SecFilterSelective REQUEST_METHOD "^(PROPFIND|PROPPATCH)$" allow
SecFilterSelective REQUEST_METHOD "^(REPORT|OPTIONS)$" allow
SecFilterSelective REQUEST_METHOD "^(MKACTIVITY|CHECKOUT)$" allow
SecFilterSelective REQUEST_METHOD "^(PUT|DELETE|MERGE)$" allow

This should be in the first directives in your mod_security call:

<IfModule mod_security.c>

# Enable ModSecurity
SecFilterEngine On

# Allow SVN requests
   SecFilterSelective REQUEST_METHOD "^(PROPFIND|PROPPATCH)$" allow
   SecFilterSelective REQUEST_METHOD "^(REPORT|OPTIONS)$" allow
   SecFilterSelective REQUEST_METHOD "^(MKACTIVITY|CHECKOUT)$" allow
   SecFilterSelective REQUEST_METHOD "^(PUT|DELETE|MERGE)$" allow

   ...
   # rest of your directives
</IfModule>

If you run a Subversion repository and have run into this issue, these security filters should help!

Comments (3) | Print | Send | del.icio.us | Linking Blogs | 4569 Views
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
[Add Comment]
yorch's Gravatar Very usefull! Yesterday I have the same issue. Thanks a lot!
Some minutes ago, I got the error:
mod_security: Access denied with code 500.
When trying to commit changes. I think it has something to do with MKCOL SVN method (access log shows it on the same error's time).
So I added the following line right after the other SVN directives:
SecFilterSelective REQUEST_METHOD "^(MKCOL)$" allow
Now it works.
Hope this helps someone,
Regards,
Yorch.
# Posted By yorch | 3/20/07 12:38 AM
Podcast Hosting's Gravatar good programming, your security mode has solved many problems
# Posted By Podcast Hosting | 9/2/07 8:51 AM
Jack McCoy's Gravatar Very usefull! Yesterday I have the same issue. Thanks a lot!
Some minutes ago, I got the error:
mod_security: Access denied with code 500.
When trying to commit changes. I think it has something to do with MKCOL SVN method (access log shows it on the same error's time).
So I added the following line right after the other SVN directives:
SecFilterSelective REQUEST_METHOD "^(MKCOL)$" allow
Now it works.
Hope this helps someone,
Regards,
Yorch.
# Posted By Jack McCoy | 9/4/07 11:02 PM
[Add Comment]