P0lT10n P0lT10n - 2 months ago 8x
Git Question

Hide .git directory or file with apache

I want to deny the access to

directory (I personally changed the
folder location so it created a
file that has a path to the

I am using Apache 2.4.18. This is what I added to the apache2.conf at the bottom of the file

# Include my personal config
Include personal.conf

And inside
I wrote:

<DirectoryMatch "^\.git">
Require all denied

<FilesMatch "^\.git">
Require all denied

So, this will deny access to that file/directory starting with
in any location that the user via URL can.

Am I right? I mean by this, if a user try to access

Will this work for any virtualhost ? Any recommendations ?


The actual Directorymatch expression should be:

<Directorymatch "^/.*/\.git/">
  Order deny,allow
  Deny from all

But this is not the standard bast practice:

RedirectMatch 404 /\.git

Not only this deny .git access, but the user is not even aware of the existence of a git repo.