DEVHIDE
Login Or Sign up

Visual Svn Server: How to restrict edit by specified IP Address

1.1k Views Asked by At

I want to enable only a specific IPAddess to edit (add, delete, update...) my visual svn server, but all others IPAddess must be able to read...

I believe it is necessary a change like this in the file %VISUALSVN_SERVER%conf\httpd-custom.conf

<VirtualHost *:80>
  <Location /svn>
    # write access
    <LimitExcept GET PROPFIND OPTIONS REPORT>
      Order deny,allow
      deny from all
      Allow from XXX.XXX.XXX.XXX
    </LimitExcept>
  </Location>
</VirtualHost>

but do not know well visual svn server. what is the right way?

Visual SVN Server 3.2 x64 is installed in Windows 2008 R2 Server x64

UPDATE from VisualSvn support

Such feature is not available in VisualSVN Server 3.2 out-of-the-box, however we consider the possibility to implement it in future versions. [...] Generally speaking, it is possible to implement IP-based restrictions via modifying httpd-custom.conf file, however we strongly discourage to take this approach. VisualSVN Server has "SVNPathAuthz short_circuit" option enabled, which dramatically improves authorization performance. The option has a limitation, though: server configuration mustn't rely on other authorization modules such as "authz_host_module" (which is responsible for IP-based checks), otherwise you will encounter unexpected behavior with authorization. On the other hand, if you disable "short_circuit" you will definitely notice performance degradation when running authorization-intensive operations against you repositories (such as running svn log, svn checkout, `svn export, etc or running a graphical repository browser such as the one TortoiseSVN client provides)

apache svn visualsvn-server svn-server
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

Since there's no built-in support for that in SVN, you may want to look for a workaround.

You could configure SVN server to use authentication, then allow only selected authenticated users/groups to do commits and leave everyone for read-only access. Security can be hardened in IIS and, SSL/TLS can be used easily and you could even detect and block brute force password attempts, if that's your main reason to consider IP filtering.

If for some reason IP filtering is a must, I'd suggest having another SVN Server instance (that runs on a different IP port) and do a repository copy to that instance (use svn dump on main instance, then svn load on your read-only instance 2). Then have your firewall allow commiters (that are filtered by IP) access the main SVN server, and all other IPs can access the read-only SVN server instance.

With svn dump and load you actually copy everything - all commits, history, comments, etc. You could do that as often as you like, and you can also bind these actions to the post-commit hook, to have it happen after every commit.

Related Questions in APACHE

Related Questions in SVN

Related Questions in VISUALSVN-SERVER

Related Questions in SVN-SERVER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.