Day before , we decided to migrate to new server and wanted to make sure our repos are accessible by specific ip Only
as per standard apache we tried
Order deny,allow Deny from all Allow from IP.OF.ALLOWED.HOST
But this one ends up with
Invalid command ‘Order’, perhaps misspelled or defined by a module not included in the server configuration
We need to load security module (More Here) to make sure it understand ip restrictions , to do so and make sure ip restrictions work fine
open your %VISUALSVN_SERVER%conf\httpd-custom.conf file and copy below block
LoadModule authz_host_module bin/mod_authz_host.so LoadModule auth_basic_module bin/mod_auth_basic.so <Location /svn/> Order Deny,Allow Deny From All Allow From xxx.xxx.xxx.xxx Allow From xxx.xxx.xxx.xxx </Location>
Don’t miss to restart your server to make sure this changes are in effect!
That’s all
Happy coding !
It does not work with Visual server manager Version: 3.5.7
i tried:
LoadModule authz_host_module bin/mod_authz_host.so
LoadModule auth_basic_module bin/mod_auth_basic.so
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From ::11
to limit connections only to my computer where the server is running but i could not connect to repositories after that change.
any advice how to limit to localhost the svn server?
you missed to defined the location
Thanks
Vinay
[EDIT] should be
Allow From ::1
Hello Vinay,
* Don’t forget to remove those customizations from %VISUALSVN_SERVER%conf\http-custom.conf file. Those customizations might cause unexpected behavior if you keep them in the config.
* Have you considered configuring Windows Firewall rules instead of adjusting server’s config? You can adjust Windows Firewall rules to deny certain clients to access VisualSVN Server based on their IP address. I guess that in your case it would be the best solution. Look for `VisualSVN Server (TCP-In)` inbound rule and customize its *Scope* and *Action* in accordance with your requirements.
Thanks for your valuable feedback.
Thanks
Vinay
There is a dedicated option in Visual SVN to limit IP to ie loopback only. The option is called bind to. Here is the message i got from Visual SVN support team:
“VisualSVN Server listens on all IP interfaces available on the computer, by
default. But in case you don’t need to make the server available on
network, you could just configure server to bind to 127.0.0.1 and listen to
loopback only.”
for the IPv6 you may want to add address ::1 to the whitelist.
That is what article explains how you can do that
Thanks for valuable feedback
Thanks
Vinay