
Restrict access to VisualSVN Server

The day before, we decided to migrate to a new server and wanted to make sure our repos were accessible only from specific IPs.

As per standard Apache, we tried:

Order deny,allow
Deny from all
Allow from IP.OF.ALLOWED.HOST

But this ends up with the error:

Invalid command ‘Order’, perhaps misspelled or defined by a module not included in the server configuration

We need to load the security module so that the server understands IP restrictions. To do so, and to make sure the IP restrictions work,

open your %VISUALSVN_SERVER%conf\httpd-custom.conf file and copy in the block below:

LoadModule authz_host_module bin/mod_authz_host.so
LoadModule auth_basic_module bin/mod_auth_basic.so

<Location /svn/>
Order Deny,Allow
Deny From All

Allow From xxx.xxx.xxx.xxx
Allow From xxx.xxx.xxx.xxx
</Location>

Don’t forget to restart your server so that these changes take effect!
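To check an allowlist before restarting, the following added example (not code from this post or from VisualSVN) models how Apache 2.2's `Order`/`Deny`/`Allow` directives decide a request, for literal IP and CIDR entries only. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the post's <Location> block with illustrative addresses
# (192.0.2.10 is a documentation address, not one from the original page).
SAMPLE = """
<Location /svn/>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From ::1
Allow From 192.0.2.10
</Location>
"""

def parse_rules(text):
    """Return (order, deny_specs, allow_specs) from Order/Deny/Allow lines."""
    order, deny, allow = "deny,allow", [], []   # Apache 2.2 default order
    for line in text.splitlines():
        words = line.strip().lower().split()
        if len(words) >= 2 and words[0] == "order":
            order = "".join(words[1:])
        elif len(words) >= 3 and words[0] in ("deny", "allow") and words[1] == "from":
            (deny if words[0] == "deny" else allow).extend(words[2:])
    return order, deny, allow

def _matches(client, spec):
    """True if the client address falls under one 'from' entry."""
    if spec == "all":
        return True
    try:
        return client in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False   # hostnames and partial addresses are not modelled

def is_allowed(client_ip, text):
    """Decide access for client_ip the way the configured Order would."""
    order, deny, allow = parse_rules(text)
    client = ipaddress.ip_address(client_ip)
    denied = any(_matches(client, s) for s in deny)
    allowed = any(_matches(client, s) for s in allow)
    if order == "deny,allow":
        # Default is allow; an Allow match overrides a Deny match.
        return allowed or not denied
    # Order Allow,Deny: default is deny; a Deny match overrides an Allow match.
    return allowed and not denied

if __name__ == "__main__":
    for ip in ("127.0.0.1", "::1", "192.0.2.10", "198.51.100.7"):
        print(ip, "allowed" if is_allowed(ip, SAMPLE) else "denied")
```

An entry must match the client address exactly (or contain it as a CIDR range), so IPv4 and IPv6 loopback each need their own `Allow` line.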

That’s all

Happy coding!


7 Comments

  • jimmy

    It does not work with Visual server manager Version: 3.5.7
    I tried:

    LoadModule authz_host_module bin/mod_authz_host.so
    LoadModule auth_basic_module bin/mod_auth_basic.so

    Order Deny,Allow
    Deny From All

    Allow From 127.0.0.1
    Allow From ::11

    to limit connections only to my computer where the server is running, but I could not connect to repositories after that change.

    Any advice on how to limit the SVN server to localhost?

  • bahrep

    Hello Vinay,

    * Don’t forget to remove those customizations from %VISUALSVN_SERVER%conf\http-custom.conf file. Those customizations might cause unexpected behavior if you keep them in the config.

    * Have you considered configuring Windows Firewall rules instead of adjusting the server’s config? You can adjust Windows Firewall rules to deny certain clients access to VisualSVN Server based on their IP address. I guess that in your case it would be the best solution. Look for the `VisualSVN Server (TCP-In)` inbound rule and customize its *Scope* and *Action* in accordance with your requirements.

  • jimmy

    There is a dedicated option in Visual SVN to limit IP to, i.e., loopback only. The option is called bind to. Here is the message I got from the Visual SVN support team:

    “VisualSVN Server listens on all IP interfaces available on the computer, by
    default. But in case you don’t need to make the server available on
    network, you could just configure server to bind to 127.0.0.1 and listen to
    loopback only.”

    For IPv6 you may want to add the address ::1 to the whitelist.