问题
I have moved from Apache 2.2 hosted subversion repositories to VisualSVN (v3.9.2 with Apache 2.4) with Windows authentication (basic). This is a new setup, no upgrade, and after importing the repositories I can checkout, update and commit just fine. Also, accessing the web interface with a browser works (requiring name and password).
Now I want to exclude pdf-files from the need of authentication, so that anyone knowing the correct URL can view them with a browser.
In the old setup I have added this location section:
<LocationMatch ^.+\.[pP][dD][fF](\?[pr]=\d+)*$>
AuthType None
Allow from all
Satisfy Any
Require all granted
</LocationMatch>
Removing the Allow.../Satisfy... directives as they are no longer supported lets me start the server but gives a 500 error code when accessing pdf files.
If I only have the Require all granted directive, it still request a name and password.
After some research and comparing with the auto-generated httpd.conf I added some options and tried different combinations of them, but none worked:
<LocationMatch "^.+\.[pP][dD][fF]\/?(\?[pr]=\d+)?$">
AuthType None
AuthMerging Or
SVNPathAuthz off
AuthzVisualSVNAuthoritative off
SVNOverrideAll on
Require all granted
</LocationMatch>
If I navigate the browser to a folder inside a repository and enter credentials and only then navigate to the pdf file it works. Only if I open the link to the pdf file without prior authentication I get the server error. On the server the event log shows the following error message:
AH00027: No authentication done but request not allowed without authentication for /svn/Test/trunk/test.pdf. Authentication not configured?
[client 10.1.1.254]
With a higher loglevel for the apache server I had this information upon a pdf access:
AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
AH01626: authorization result of Require all granted: granted
AH01626: authorization result of <RequireAny>: granted
AH01626: authorization result of AuthMerging Any: granted
So it seems like the Apache grants access but VisualSVN still requires authentication.
Has anyone done something similar and found a solution?
回答1:
VisualSVN Server now does not support anonymous access. A user must be authenticated and authorized to view repository contents. And you should not modify the server's httpd.conf or httpd-custom.conf files to enable anonymous access - this may result in unexpected behavior.
Instead of adjusting VisualSVN Server's config, consider another option. Write a script that will fetch the required PDF files from the repository and will make them available for users via some another HTTP server that does not require authentication. This could be a post-commit script or a script that polls the repository and downloads files if there were changes.
来源:https://stackoverflow.com/questions/54671895/visualsvn-authentication-exclusion