Security: Deny access to .hg/* via mod_rewrite

Question

My website is a mercurial repository with multiple subrepositories. I need to make sure I\'m denying access to all files in every .hg directory on the server.

For exampl

Answer 1

This is much less of a concern if you just keep the repositories outside of your DocumentRoot altogether. You're probably using hgweb or hgwebdir, which don't require the files be inside the DocumentRoot, so don't do it. Put them in /home/hg/repos or something and configure your hgwebdir.conf to look there.

The only reason to have the repos inside the DocumentRoot would be enable the static-http URL form for mercurial, but it's very slow and hgweb is always preferred when it's possible.