开发者

Modifying apache to prevent public accessibility of .git folder

开发者 https://www.devze.com 2023-04-01 08:48 出处:网络
I read here that the \".git folder is at the root level of the web site, and is probably publicly accessible. To protect the folder and prevent unwanted clones of the repository, add the following to

I read here that the ".git folder is at the root level of the web site, and is probably publicly accessible. To protect the folder and prevent unwanted clones of the repository, add the following to your top-level .htaccess file to forbid web access:"

# deny access to the top-level git repository:
RewriteEngine On
RewriteRule \.git - [F,L]

First of all, THANKS Joe Maller!

In my virtual host file i have the RewriteEngine On command with the following specs:

<VirtualHost *:80>
        ...
        RewriteEngine On
        RewriteCond %{SERVER_PORT} !443
        RewriteRule (.*) https://www.mydomain.com/ [R]
</VirtualHost>

Could i just add the git rewrite rule following the rewrite rule for ssl like so:

<VirtualHost *:80>
        ...
        RewriteEngine On
        RewriteCond %{SERVER_PORT} !443
        RewriteRule (.*) https://www.mydomain.com/ [R]
        Re开发者_如何转开发writeRule \.git - [F,L]
</VirtualHost>

Thanks!


That should work. It's easy to test to make sure, though. Just try to browse to http://www.mydomain.com/.git and see if it works.

0

精彩评论

暂无评论...
验证码 换一张
取 消