I recently needed to block older clients from our corporate Subversion repository. It turns out merge history (which was introduced in SVN 1.5) isn’t stored property in older clients and can really be reliably counted upon from 1.6.6 and up. We had a requirement to mark 1.6 clients (earlier than 1.6.6) read-only, and deny earlier clients (1.5.x and earlier) all together.
It’s relatively easy to do in the apache.conf file.
This goes somewhere in the global directive space:
# Check to see if we're subversion, and if we are grab the version
SetEnvIf User-Agent SVN\/([0-9\.]+) svnVersion=$1
# Completely block old clients
SetEnvIf svnVersion ^1\.[0-5]\..+ svnDeny
# Deny write access to pre-1.6.6 clients
SetEnvIf svnVersion ^1\.6.[1-5]$ svnLock
Drop this in your Location directive:
# Some deny rules
Order Allow,Deny
Allow from all
Deny from env=svnDeny
Done!
Hi there,
Great help, I have been looking for this kind of snippet for ages.
We have got svnserver 1.5.5 served via Apache with WebDAV auth. The WebDAV directives are nested within
However, we are upgrading to 1.6.x and I’ve been trying to enable Active Directory authentication supported with LDAP thru the CollabNet Edge System. The auth works fine and end users get prompted via IE/Firefox, snv client 1.5 & 1.6 and Eclipse Subversive. I am really struggling to block any svn clients < 1.6.x. Note: our repos are different disk partition.
Now, when I try to use the following code in httpd.conf, I am prompted for password regardless of the client. I'd like to block the clients 1.5.5 though. Any help will be much appreciated.
AuthLDAPUrl “ldap://example.com/DC=FINEOS,DC=com?sAMAccountName,memberOf?sub?(&(sAMAccountName=*)(memberOf=CN=PRD_SVN_ALLOWED,OU=SECURITY_GROUPS,DC=FINEOS,DC=com)(objectCategory=user))” “NONE”
AuthLDAPBindDN “CN=srv_svnauth,OU=SERVICE_ACCOUNTS,DC=FINEOS,DC=com”
AuthLDAPBindPassword “************”
# Check to see if we’re subversion, and if we are grab the version
SetEnvIf User-Agent SVN\/([0-9\.]+) svnVersion=$1
# Completely block old clients
SetEnvIf svnVersion ^1\.[0-5]\..+ svnDeny
# Deny write access to pre-1.6.6 clients
SetEnvIf svnVersion ^1\.6.[1-5]$ svnLock
AliasMatch ^(/svn)$ “e:/svnrepos”
Order deny,allow
Allow from all
Deny from env=svnDeny
AuthBasicProvider ldap-users
AuthType Basic
AuthName LDAP_Protected_Place
AuthzLDAPAuthoritative off
Require valid-user
Cheers
Marcin