P0lT10n P0lT10n - 3 months ago 10
Git Question

Hide .git directory or file with apache

I want to deny the access to

.git
directory (I personally changed the
.git
folder location so it created a
.git
file that has a path to the
.git
folder).

I am using Apache 2.4.18. This is what I added to the apache2.conf at the bottom of the file

# Include my personal config
Include personal.conf


And inside
personal.conf
I wrote:

<DirectoryMatch "^\.git">
Require all denied
</DirectoryMatch>

<FilesMatch "^\.git">
Require all denied
</FilesMatch>


So, this will deny access to that file/directory starting with
.git
in any location that the user via URL can.

Am I right? I mean by this, if a user try to access
www.example.com/.git
*
or
www.example.com/---/---/---/---/---/.gitsomething


Will this work for any virtualhost ? Any recommendations ?

Answer

The actual Directorymatch expression should be:

<Directorymatch "^/.*/\.git/">
  Order deny,allow
  Deny from all
</Directorymatch>

But this is not the standard bast practice:

RedirectMatch 404 /\.git

Not only this deny .git access, but the user is not even aware of the existence of a git repo.

Comments