Aaron Saray


Restrict your .git directory on live site

Do you use Git to manage your repository? If so, do you use it to check out code onto the server as well? If you do, you really should restrict access to your .git directory if it’s in your public root. (If you’re using things like Zend Framework, chances are your root directory is not your public directory, so you have less to worry about.)

Simply add the following lines to your Apache config:

<Directory /full/path/to/public/.git>
  # Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead
  Deny from All
</Directory>

This will simply rewrite the request to your home page. No more accessing things like your ‘config’ file that could potentially hold useful information about your Git repo configuration. (You may remember this topic being discussed with SVN here.)
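To confirm the restriction took effect on your own site, here is an added check (not code from the original post) that requests the two files every Git checkout contains and reports whether real Git metadata comes back. It assumes Python 3; the function names are illustrative. Because a site may answer a blocked path with its home page and a 200 status, the check matches on the body content, not the status code alone.

```python
"""Audit your own site for an exposed .git directory (added example, illustrative names)."""
import re
import urllib.error
import urllib.request

# Files every Git checkout has, each with a pattern that identifies real content.
# A 200 alone proves nothing: a site that serves its home page for blocked paths
# also answers 200, so the body must look like Git metadata.
SIGNATURES = {
    ".git/HEAD": re.compile(rb"\A(ref: refs/|[0-9a-f]{40,64}\s*\Z)"),
    ".git/config": re.compile(rb"^\s*\[core\]", re.MULTILINE),
}


def is_exposed(path, status, body):
    """True when the response for `path` is readable Git metadata."""
    sig = SIGNATURES.get(path)
    return status == 200 and sig is not None and bool(sig.search(body))


def fetch(url, timeout=5):
    """Return (status, first 4 KiB of body); HTTP error statuses are results, not crashes."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096)


def audit(base_url, fetcher=fetch):
    """Map each probed path to True (exposed) or False (blocked)."""
    base = base_url.rstrip("/") + "/"
    return {p: is_exposed(p, *fetcher(base + p)) for p in SIGNATURES}


if __name__ == "__main__":
    import sys
    results = audit(sys.argv[1])  # base URL of your own site
    for path, exposed in results.items():
        print(f"{path}: {'EXPOSED' if exposed else 'blocked'}")
    sys.exit(1 if any(results.values()) else 0)
```

The script exits non-zero when either file is readable, so it can run as a post-deploy check.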
