I set on to install subversion with Apache on Fedora 11 and after all the steps were completed I was not able to import a project in to the repository due to this error:
[omerio@future TestProject]$ svn import -m “Initial Import” /tmp/TestProject http://salam/repos/TestProject
Authentication realm: <http://salam:80> Authorization Realm
Password for ‘omerio’:
svn: applying log message to /repos/!svn/wbl/c0e1dee1-2e96-432e-a904-054d922233d8/0: 501 Method Not Implemented (http://salam)
I checked my svn setup and everything was fine, even a Google search didnt help. Luckily I remembered that I have mod_security with Apache, a quick check revealed that mod_security was blocking subversions http requests as seen from the mod_security logs
[Sat Sep 26 13:13:59 2009] [error] [client 192.168.1.5] ModSecurity: Access denied with code 501 (phase 2). Match of “rx (?:^(?:application\\\\/x-www-form-urlencoded(?:;(?:\\\\s?charset\\\\s?=\\\\s?[\\\\w\\\\d\\\\-]{1,18})?)??$|multipart/form-data;)|text/xml)” against “REQUEST_HEADERS:Content-Type” required. [file “/etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf”] [line “69”] [id “960010”] [msg “Request content type is not allowed by policy”] [severity “WARNING”] [tag “POLICY/ENCODING_NOT_ALLOWED”] [hostname “salam”] [uri “/repos/!svn/wbl/909077f2-7e84-4b7d-8e8a-8cbc35fc1ef0/0”] [unique_id “Sr4Fh38AAAEAABSMGt4AAAAA”]
I checked Google and found this page which was very useful, so I added a number of mod_security exceptions to the subversion.conf Apache configuration file, Although I had to commit a few projects to get a list of the violated mod_security rules. I think if I get any further mod_security issues with svn I will disable the security engine for svn:
<Location /repos> DAV svn SVNPath /var/opt/apps/svn/repos AuthType Basic AuthName "Authorization Realm" AuthUserFile /var/opt/apps/passwd/passwords Require valid-user <IfModule mod_security2.c> SecRuleRemoveByID 960032 SecRuleRemoveByID 960015 SecRuleRemoveByID 960904 SecRuleRemoveByID 960010 SecRuleRemoveByID 960035 SecRule REQUEST_METHOD "^(PROPFIND|PROPPATCH)$" allow SecRule REQUEST_METHOD "^(REPORT|OPTIONS)$" allow SecRule REQUEST_METHOD "^(MKACTIVITY|CHECKOUT)$" allow SecRule REQUEST_METHOD "^(PUT|DELETE|MERGE)$" allow SecRule REQUEST_METHOD "^(MKCOL)$" allow </IfModule> </Location>