HTTPS configuration:
1 In httpd.conf, enable the Include for the following conf file:
Include etc/opt/CollabNet_Subversion/conf/extra/httpd-vhosts.conf
2 Add the following configuration to extra/httpd-vhosts.conf:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R]
# RewriteBase /
# RewriteCond %{SERVER_PORT} 443
# RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</VirtualHost>
Also remove all other <VirtualHost *:80> configuration, so that only this one <VirtualHost *:80> block remains.
3 Enable the SSL configuration:
Include etc/opt/CollabNet_Subversion/conf/extra/httpd-ssl.conf
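Fix: data can be queried without logging in.
Change the property in data/params to: 'requirelogin' => '1',
Fix the information disclosure on the phpinfo.php page: rename the file
/opt/svnmanager-1.08/phpinfo.php to phpinfo_php
Fix the directory listing issue under directories such as https://bugzilla.lenovo.com/svnmanager/js/datepicker/css/.
Edit httpd_svnmanager.conf and comment out Options Indexes FollowSymLinks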
Alias /svnmanager/ "/opt/svnmanager-1.08/"
<Directory "/opt/svnmanager-1.08/">
AllowOverride none
# Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
Integrating Bugzilla with LDAP:
Edit the configuration in data/params:
'LDAPBaseDN' => 'dc=lenovo,dc=com',
'LDAPbinddn' => 'uid=admin,ou=system:secret',
'LDAPfilter' => '',
'LDAPmailattribute' => 'mail',
'LDAPserver' => 'ldap://10.99.201.86:10389',
'LDAPstarttls' => 0,
'LDAPuidattribute' => 'uid',
'user_verify_class' => 'LDAP',
Addendum 20160329:
To upgrade OpenSSL, Collabnet_Subversion itself must be upgraded, because OpenSSL is bundled into Collabnet_Subversion.
For the issue: HTTP TRACE / TRACK Methods Allowed
Edit httpd.conf and add:
TraceEnable off
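One way to confirm that the three Apache changes in these notes (port-80 redirect to HTTPS, Indexes off, TRACE off) are really active in the config text. This is an added example, not part of the original notes or of CollabNet/svnmanager; the function name audit_httpd_conf and both sample configs are constructed for illustration, and the check reads config text on stdin rather than querying a live server.

```shell
# Added example (not from the original notes): audit Apache config text on
# stdin for the three hardening settings these notes apply.
audit_httpd_conf() {
    awk '
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }   # commented-out directives do not count
    { low = tolower($0) }
    low ~ /^<virtualhost[ \t].*:80>/ { in80 = 1; seen80 = 1; next }
    low ~ /^<\/virtualhost>/ { in80 = 0; next }
    # Port-80 vhost: RewriteRule to https:// carrying the R flag.
    in80 && low ~ /^rewriterule[ \t].*https:\/\// &&
        tolower($NF) ~ /^\[(.*,)?r(=[0-9]+)?(,.*)?\]$/ { redirect = 1 }
    # Only the exact directive name counts; a misspelling does not match.
    low ~ /^traceenable[ \t]+off[ \t]*$/ { trace_off = 1 }
    low ~ /^options[ \t]/ {
        for (i = 2; i <= NF; i++)
            if (tolower($i) ~ /^\+?indexes$/) indexes = 1
    }
    END {
        if (indexes) { print "FAIL indexes"; n++ }
        if (!trace_off) { print "FAIL trace"; n++ }
        if (seen80 && !redirect) { print "FAIL redirect"; n++ }
        if (!n) print "OK"
        exit (n > 0)
    }'
}

# Constructed sample: the settings as these notes leave them.
hardened_conf() { cat <<'EOF'
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^(.*)?$ https://%{SERVER_NAME}$1 [L,R]
</VirtualHost>
# Options Indexes FollowSymLinks
TraceEnable off
EOF
}

# Constructed sample: listing on, directive misspelled, no redirect.
weak_conf() { cat <<'EOF'
<VirtualHost *:80>
</VirtualHost>
Options Indexes FollowSymLinks
TraceEnabled off
EOF
}

hardened_conf | audit_httpd_conf
weak_conf | audit_httpd_conf || true
```

Run it against a real file with `audit_httpd_conf < httpd.conf`. It only sees the text it is given, so files pulled in through Include have to be checked separately.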
For the issue: