发表新帖
发表新帖

Make .git directory web inaccessible

后端 未结
关注
9 1684
耶瑟儿~
耶瑟儿~ 2020-11-30 17:22

I have a website that I use github (closed source) to track changes and update site. The only problem is, it appears the .git directory is accessible via the web. How can I

相关标签:
9条回答
  • 不要未来只要你来
    2020-11-30 17:54

    solution for apache2 (LAMP) server - you have 2 places to add .htaccess contents.. if 1 fails, try next

    1. for (development environment)

    create .htaccess file in /var/www/html root directory and paste the code inside it

    <Directorymatch "^/.*/\.git/">
  Order 'deny,allow'
  Deny from all
</Directorymatch>
    1. for (Production environment)

    inside virtual host file (/etc/apache2/sites-enabled/) >find your virtualhost file> open file > after closing of virtualhost tag, paste

    <Directorymatch "^/.*/\.git/">
  Order 'deny,allow'
  Deny from all
</Directorymatch>

    no need to restart the server, it runs when page is called upon

    0 讨论(0)
  • 耶瑟儿~
    2020-11-30 17:56

    Instead of messing with .htaccess rules like most answers suggest, why not simply put the .git/ directory above the webroot?

    In my setups, my .git directory usually lives in something like:

    /home/web/project_name/.git/

    My actual code lives in

    /home/web/project_name/www_root/

    since my web root (as defined on Apache or Nginx.. I prefer the latter) is /home/web/project_name/www_root/ there's no way the .git directory can be accessible from the web since it lives "higher" than the webroot

    0 讨论(0)
  • 别跟我提以往
    2020-11-30 18:03

    Both .htaccess and permissions on the .git/ folder would work. I recommend the former:

    <Directory .git>
    order allow,deny
    deny from all
</Directory>
    0 讨论(0)
  • 孤城傲影
    2020-11-30 18:05

    I'm not comfortable with controlling access to my .git folders individually and choose to do it via apache config instead of .htaccess, to prevent me overwriting them, or forgetting on a new install etc.

    Here are some detailed instructions hope they help. I'm using Ubuntu 16.10.

    1. First check what happens if you navigate to the .git folder in a browser. In my case I was presented with a directory listing. If you are seeing what you shouldn't be seeing (ie. you're not getting a 404), do the following.
    2. Use apache2ctl -V to get the HTTPD_ROOT and SERVER_CONFIG_FILE
    3. Use this to edit your apache config, in my case $ sudo nano /etc/apache2/apache2.conf
    4. Add the following somewhere in the config file: RedirectMatch 404 /.git
    5. Restart apache: $ sudo service apache2 restart
    6. Should now get you a 404 if you navigate to the folder again
    7. I tried this with .gitignore and also got a 404
    0 讨论(0)
  • 抹茶落季
    2020-11-30 18:05

    A more robust and simple option would be disabling the READ and Execution permission of the .git directory.

    Since mostly Apache (httpd) runs under a special user account, for example, it runs as user apache on CentOS, while the .git directory must be created under a real user account, so we can simply block the access by changing the permission. Moreover, this approach doesn't introduce any new file, nor affect the git commands.

    The command can be:

    chmod -R o-rx .git
    0 讨论(0)
  • 有刺的猬
    2020-11-30 18:06

    Create a .htaccess file in the .git folder and put the following in this file:

    Order allow,deny
Deny from all

    But note, that it would be lost if you ever re-cloned the repository

    0 讨论(0)
 看不清?
提交回复
热议问题