Web Projects Consulting

Local SVN + Trac + SSL How-to

PART III. Configuration files

ModSecurity fix

sudo gedit /etc/httpd/conf.d/mod_security.conf

Locate:


<h1>Basic configuration goes in here</h1>

Include modsecurity.d/modsecurity_crs_10_config.conf

Insert after:


<h1>Our settings</h1>

Include modsecurity.d/modsecurity_svn_allow.conf

sudo gedit /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

Change SecResponseBodyLimit to a considerably bigger value.

sudo touch /etc/httpd/modsecurity.d/modsecurity_svn_allow.conf
sudo gedit /etc/httpd/modsecurity.d/modsecurity_svn_allow.conf

SecRule REQUEST_METHOD "^(PROPFIND|PROPPATCH)$" \
"allow,id:2,t:none,msg:'SVN request, allow it.'"
SecRule REQUEST_METHOD "^(REPORT|OPTIONS)$" \
"allow,id:2,t:none,msg:'SVN request, allow it.'"
SecRule REQUEST_METHOD "^(MKACTIVITY|CHECKOUT)$" \
"allow,id:2,t:none,msg:'SVN request, allow it.'"
SecRule REQUEST_METHOD "^(PUT|DELETE|MERGE)$" \
"allow,id:2,t:none,msg:'SVN request, allow it.'"
SecRule REQUEST_METHOD "^(MKCOL)$" \
"allow,id:2,t:none,msg:'SVN request, allow it.'"

localdev.conf


&lt;VirtualHost 127.0.0.2:80&gt;
ServerName svn.example.com
Redirect / https://svn.example.com/
&lt;/VirtualHost&gt;

&lt;VirtualHost 127.0.0.3:80&gt;
ServerName trac.example.com
Redirect / https://trac.example.com/
&lt;/VirtualHost&gt;

&lt;VirtualHost 127.0.0.2:443&gt;
DocumentRoot &quot;/var/www/vhosts/svn/svn.example.com&quot;
ServerName svn.example.com
&lt;Location /&gt;
DAV svn
SVNPath /var/www/vhosts/svn/svn.example.com
AuthType Basic
AuthName &quot;svn.example.com&quot;
AuthUserFile /var/www/vhosts/svn/svn.example.com/conf/passwd
AuthzSVNAccessFile /var/www/vhosts/svn/svn.example.com/conf/authz
Require valid-user
&lt;/Location&gt;
SSLEngine on
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
SetEnvIf User-Agent “.<em>MSIE.</em>” nokeepalive ssl-unclean-shutdown
CustomLog /var/log/httpd/svn.example.com/access.log combined
ErrorLog /var/log/httpd/svn.example.com/error.log

&lt;Directory &quot;/var/www/vhosts/svn/svn.example.com&quot;&gt;
Order allow,deny
Allow from 127.0.0
&lt;/Directory&gt;

&lt;/VirtualHost&gt;

&lt;VirtualHost 127.0.0.3:443&gt;
ServerName trac.example.com
DocumentRoot &quot;/var/www/vhosts/trac/trac.example.com&quot;
Alias /trac/ /usr/share/trac/htdocs
&lt;Directory &quot;/usr/share/trac/htdocs/&quot;&gt;
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
&lt;/Directory&gt;
&lt;Location /&gt;
SetHandler mod_python
SetEnv PYTHON_EGG_CACHE &quot;/tmp/eggs&quot;
PythonHandler trac.web.modpython_frontend
PythonInterpreter main_interpreter
PythonOption TracEnv &quot;/var/www/vhosts/trac/trac.example.com/&quot;
PythonOption TracUriRoot /
AuthType Basic
AuthName &quot;trac.example.com&quot;
AuthUserFile /var/www/vhosts/svn/svn.example.com/conf/passwd
Require valid-user
&lt;/Location&gt;
CustomLog /var/log/httpd/trac.example.com/access.log combined
ErrorLog /var/log/httpd/trac.example.com/error.log
SSLEngine on
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
&lt;Directory &quot;/var/www/vhosts/trac/trac.example.com&quot;&gt;
Order allow,deny
Allow from 127.0.0
&lt;/Directory&gt;
&lt;/VirtualHost&gt;
Tagged on: , , , , , , , , , , , ,
By Alec | 29/04/2009 | Apache, How-Toes, Linux, Software, Webmaster | 1 Comment |

One thought on “Local SVN + Trac + SSL How-to

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.