2

How do you resolve the error svn: access to '/repos/!svn/vcc/default' forbidden?

I recently upgraded a Fedora 13 server to 16, and now I'm trying to debug an access error with a Subversion server running on using Apache with mod_dav_svn.

Running:

svn ls http://myserver/repos/myproject/trunk

Lists the correct files. But when I go to commit, I get the error:

svn: access to '/repos/!svn/vcc/default' forbidden

My Apache virtualhost for svn is:

<VirtualHost *:80> ServerName svn.mydomain.com ServerAlias svn DocumentRoot "/var/www/html" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/www/html"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> <Location /repos> Order allow,deny Allow from all DAV svn SVNPath /var/svn/repos SVNAutoversioning On # Authenticate with Kerberos AuthType Kerberos AuthName "Subversion Repository" KrbAuthRealms mydomain.com Krb5KeyTab /etc/httpd/conf/krb5.HTTP.keytab # Get people from LDAP AuthLDAPUrl ldap://ldap.mydomain.com/ou=people,dc=mydomain,dc=corp?uid # For any operations other than these, require an authenticated user. <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location> </VirtualHost>

What's causing this error?

EDIT: In my /var/log/httpd/error_log I'm seeing a lot of these:

[Fri Jun 22 13:22:51 2012] [error] [client 10.157.10.144] ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/base_rules/modsecurity_crs_60_correlation.conf"] [line "31"] [msg "Inbound Anomaly Score (Total Inbound Score: 15, SQLi=, XSS=): Method is not allowed by policy"] [hostname "svn.mydomain.com"] [uri "/repos/!svn/act/0510a2b7-9bbe-4f8c-b928-406f6ac38ff2"] [unique_id "T@Sp638DCAEBBCyGfioAAABK"]

I'm not entirely sure how to read this, but I'm interpreting "Method is not allowed by policy" as meaning that there's some security Apache module that might be blocking access. How do I change this?

Improve this question

3 Answers 3

Reset to default
2

Probably the www user (the user running apache) does not have write permissions for this folder.

Chack the Permissions of the folders with for example ls -l and make sure that the www user has write permissions.

Improve this answer
1
  • No, this doesn't seem to be the problem. Even after I recursively set 777 permissions to /var/svn/repos, I still get the error. Commented Jun 22, 2012 at 17:21
1

@Cerin thanks for the answer, I just commented the following lines in Apache's configuration, restarted and it's SOLVED!! (In my case it was this file: /etc/httpd/conf.d/mod_security.conf):

  1. Comment these lines:

    #LoadModule security2_module modules/mod_security2.so #LoadModule unique_id_module modules/mod_unique_id.so

  2. Restart Apache server: apachectl -k restart

  3. Now you should be able to do svn commits to your repository.

If not, check your SELINUX configuration, check this page also https://stackoverflow.com/questions/960241/svn-permission-denied

Note: The file location can vary (can be merged in the httpd.conf with all the other configs.)

Improve this answer
0

Apparently, the upgrade automatically installed mod_security, whose default rules effectively break commit access for SVN.

The quick solution was yum remove mod_security. Obviously, this makes it less secure, but since it's an internal server, that's fine.

There seems to be a frustratingly large amount of mod_security documentation, but I don't have weeks to read through hundreds of docs just to find out how to make mod_security play nice with SVN.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.