Apache Fix

If your site is served by Apache, and you have access to Apache config files, there is a very simple way of preventing access to git files.

Open /etc/apache2/conf-enabled/security.conf for editing:

sudo nano /etc/apache2/conf-enabled/security.conf

You will see the following block:


# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
#<DirectoryMatch "/\.svn">
# Require all denied
#</DirectoryMatch>

Amend this to:



# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
<DirectoryMatch "/\.git">
Require all denied
</DirectoryMatch>

Save (ctrl + o) and exit (ctrl + x) and restart apache:

sudo service apache2 restart

Now try accessing the .git/config file. You should see something like this:

Forbidden
You don't have permission to access /wp-content/themes/david/.git/config on this server.

If you DO NOT have access to Apache config files, add these lines to a .htaccess file in your project root:



# ==================================================================
# Prevent .git access
# ==================================================================

RedirectMatch 404 /\.git

source: https://davidegan.me/hide-git-repos-on-public-sites/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post Navigation