[F8] Apache Mod_Security and SubVersion

Daniel B. Thurman dant at cdkkt.com
Sat Feb 9 00:42:03 UTC 2008


To make a really long story short  as possible, let's just say that I
have
been able to setup Apache, the Mod_Security, SSL and SubVersion and
I  am able to access the subversion repository locally with the svn
commands and the web-browser, but not remotely.

The SSL certificates are installed in the /etc/httpd/conf directory and
it
work via the browser and the svn commands in the shell. But doing this
remotely with a web-browser or the following svn command results in the
server certificate not being passed to the client at all.  It appears to
show
some bogus certificate Issuer instead. as follows:

+  svn list https://svn.<domain>.com

Error validating server certificate for 'https://svn.<domain>.com:443':
 - The certificate is not issued by a trusted authority. Use the
fingerprint to
    validate the certificate manually!
 - The certificate hostname does not match. 
Certificate information:
 - Hostname: <hostname>.<domain>.com
 - Valid: from Sun, 09 Dec 2007 01:13:54 GMT until Mon, 08 Dec 2008
01:13:54 GMT
 - Issuer: SomeOrganizationalUnit, SomeOrganization, SomeCity,
SomeState, --
 - Fingerprint:
70:ab:9c:b3:97:a3:98:02:39:5e:59:b4:50:2c:07:bc:66:64:c4:c4
(R)eject, accept (t)emporarily or accept (p)ermanently? t
svn: PROPFIND request failed on '/'
svn: PROPFIND of '/': 405 Method Not Allowed (https://svn.<domain>.com)


Below is the mod_security audit log file showing the results:
=============================================================
/var/log/httpd/modsec_audit.log:
Note: Client: 10.1.0.11. Server: 10.1.0.143
=============================================================
--5b7f8e6b-A--
[08/Feb/2008:16:13:55 --0800] lRvlFwoBAI8AACDvh3wAAAAB 10.1.0.11 2006
10.1.0.143 443
--5b7f8e6b-B--
PROPFIND / HTTP/1.1
Host: svn.<domain>.com
User-Agent: SVN/1.4.5 (r25188) neon/0.26.4
Keep-Alive: 
Connection: TE, Keep-Alive
TE: trailers
Content-Length: 300
Content-Type: text/xml
Depth: 0
Accept-Encoding: gzip, gzip

--5b7f8e6b-C--
<?xml version="1.0" encoding="utf-8"?>
<propfind xmlns="DAV:">
<prop>
<version-controlled-configuration xmlns="DAV:"/><resourcetype
xmlns="DAV:"/>
<baseline-relative-path
xmlns="http://subversion.tigris.org/xmlns/dav/"/>
<repository-uuid xmlns="http://subversion.tigris.org/xmlns/dav/"/>
</prop>
</propfind>
--5b7f8e6b-F--
HTTP/1.1 405 Method Not Allowed
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

--5b7f8e6b-H--
Message: Access allowed (phase 2). Pattern match "^(PROPFIND|
PROPPATCH)$" at
    REQUEST_METHOD. [id "1"] [msg "SVN request, allow it."]
Stopwatch: 1202516035101975 51173 (1957* 2642 -)
Producer: ModSecurity v2.1.3 (Apache 2.x)
Server: Apache/2.2.6 (Fedora)

--5b7f8e6b-Z--
=============================================================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20080208/9e7f9785/attachment-0001.htm>


More information about the fedora-list mailing list