Hacker News new | ask | show | jobs
by ionfish 6111 days ago
For your Apache config.

  # Disallow viewing of .svn and .git directory contents
  <DirectoryMatch \.(svn|git)>
    Order allow,deny
    Deny from all
  </DirectoryMatch>
4 comments
bcl 6111 days ago
May as well throw in .hg

Oh. Now we're blacklisting.

If you are going to use this solution, you are better off blacklisting all dotfiles except .htaccess, assuming you allow it.

link
ionfish 6111 days ago
Even if you do use .htaccess files, you still shouldn't be showing them to anyone who requests them from your web server!
link
bcl 6110 days ago
Ha! Correct!
link
patio11 6111 days ago
For Nginx:

location ~ /\.(svn|git) { deny all; }

link
djdarkbeat 6076 days ago 

  # Disallow viewing of .svn and .git and .hg directory contents
  <Directory ~ \.(svn|git|hg)>
    Order allow,deny
    Deny from all
  </Directory>
link
djdarkbeat 6076 days ago
As well as leaving .gitignore exposed also.
link