To make a really long story short as possible, let's just say that I have
been able to setup Apache, the Mod_Security, SSL and SubVersion and
I am able to access the subversion repository locally with the svn
commands and the web-browser, but not remotely.
The SSL certificates are installed in the /etc/httpd/conf directory and it
work via the browser and the svn commands in the shell. But doing this
remotely with a web-browser or the following svn command results in the
server certificate not being passed to the client at all. It appears to show
some bogus certificate Issuer instead. as follows:
+ svn list https://svn
.<domain>.com
Error validating server certificate for 'https://svn
.<domain>.com:443':
- The certificate is not issued by a trusted authority. Use the fingerprint to
validate the certificate manually!
- The certificate hostname does not match.
Certificate information:
- Hostname: <hostname>.<domain>.com
- Valid: from Sun, 09 Dec 2007 01:13:54 GMT until Mon, 08 Dec 2008 01:13:54 GMT
- Issuer: SomeOrganizationalUnit, SomeOrganization, SomeCity, SomeState, --
- Fingerprint: 70:ab:9c:b3:97:a3:98:02:39:5e:59:b4:50:2c:07:bc:66:64:c4:c4
(R)eject, accept (t)emporarily or accept (p)ermanently? t
svn: PROPFIND request failed on '/'
svn: PROPFIND of '/': 405 Method Not Allowed (https://svn
.<domain>.com)
Below is the mod_security audit log file showing the results:
=============================================================
/var/log/httpd/modsec_audit.log:
Note: Client: 10.1.0.11. Server: 10.1.0.143
=============================================================
--5b7f8e6b-A--
[08/Feb/2008:16:13:55 --0800] lRvlFwoBAI8AACDvh3wAAAAB 10.1.0.11 2006 10.1.0.143 443
--5b7f8e6b-B--
PROPFIND / HTTP/1.1
Host: svn.<domain>.com
User-Agent: SVN/1.4.5 (r25188) neon/0.26.4
Keep-Alive:
Connection: TE, Keep-Alive
TE: trailers
Content-Length: 300
Content-Type: text/xml
Depth: 0
Accept-Encoding: gzip, gzip
--5b7f8e6b-C--
<?xml version="1.0" encoding="utf-8"?>
<propfind xmlns="DAV:">
<prop>
<version-controlled-configuration xmlns="DAV:"/><resourcetype xmlns="DAV:"/>
<baseline-relative-path xmlns="
http://subversion.tigris.org/xmlns/dav/"/>
<repository-uuid xmlns="
http://subversion.tigris.org/xmlns/dav/"/>
</prop>
</propfind>
--5b7f8e6b-F--
HTTP/1.1 405 Method Not Allowed
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
--5b7f8e6b-H--
Message: Access allowed (phase 2). Pattern match "^(PROPFIND|PROPPATCH)$" at
REQUEST_METHOD. [id "1"] [msg "SVN request, allow it."]
Stopwatch: 1202516035101975 51173 (1957* 2642 -)
Producer: ModSecurity v2.1.3 (Apache 2.x)
Server: Apache/2.2.6 (Fedora)
--5b7f8e6b-Z--
=============================================================