How to grant access to "/.well-known" directory on SVN server (Apache 2.2)
I cannot figure out how to disable authentication for the .well-known
directory.
Things behave as expected when I remove the SVN specific directives (DAV, SVNPath, AuthzSVNAccessFile).
<VirtualHost *:443>
ServerName www.example.com
DocumentRoot "C:/www.example.com"
ServerAdmin [email protected]
SSLEngine On
SSLCertificateFile "C:/Apache2/conf/ssl/www.example.com.crt"
SSLCertificateKeyFile "C:/Apache2/conf/ssl/www.example.com.key"
<Location />
DAV svn
SVNPath "C:/svnrepo"
SSLRequireSSL
AuthName "www.example.com"
AuthType Basic
AuthUserFile "conf/svn/svn-users.txt"
AuthGroupFile "conf/svn/svn-groups.txt"
AuthzSVNAccessFile "conf/svn/svn-access.txt"
Require valid-user
</Location>
<Location "/.well-known">
Satisfy Any
Allow from all
Require all granted
# Apache 2.4 only
#AuthType None
</Location>
</VirtualHost>
Edit: It would also work if I didn't have overlapping paths. E.g. using /svn
and /.well-known
. Unfortunately that is not something I can change easily now.
You can check apache Directory
option. Bellow is a configuration example:
<Directory /home/html/.well-known/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
in your webroot, create a file .htaccess
with the following content:
Options +Indexes
<IfModule mod_rewrite.c>
RewriteRule "/\.|^\.(?!well-known/)" - [F]
</IfModule>
You need to enable ModRewrite for this to work.
Just FYI: I eventually decided to bite the bullet and change the path to my svn repo to https://svn.domain.com/repo (instead of using the root).
After so many complications with various systems and frameworks, I decided to follow this pattern for pretty much all hosted applications, namely to always use
- subdomain
- application context path
e.g. https://subdomain.domain.com/context
This keeps all options open in the future for introducing load balancing, multiple applications below the same domain, multiple applications on the same server etc. And the configurations typically work because there will not be any overlapping paths.
Of course it was painful to switch the svn repo path in all clients.