How to Secure Your .git Folders (Apache)
To check whether your .git folder is public, navigate to it in a browser, for example: https://yourdomain.com/.git/
If you are presented with a directory listing, your .git folder is exposed to the internet and you should use one of the following methods to prevent public access to this sensitive information. These methods do not indicate that the folders exist; they produce a 404 error.

  Create a Redirect using .htaccess  
You will need to create or edit the file .htaccess and save it to the root of your web server. The file needs to include this line:

RedirectMatch 404 /\.git

 
Once the .htaccess file has been created or updated, save it, exit your editor and reload Apache:

systemctl reload apache2

Depending on your preference or access to the server, another method is to redirect using the Apache config file.

  Create a Redirect using Apache  
To create this redirect you will need to edit the Apache2 config file. If the package installer was used for Debian / Ubuntu systems, the file is found at /etc/apache2/apache2.conf and can be modified using a text editor to add the line below:

RedirectMatch 404 /\.git

 
Reload Apache to apply the changes and activate the redirect:

systemctl reload apache2
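
To confirm that either rule is active, the check below requests the .git folder and two files found in every Git repository and reports whether each now returns the 404 described above. It is an added example, not part of the original article; the function names classify_status and check_git_exposure are hypothetical, and it assumes curl is installed.

```shell
#!/usr/bin/env bash
# Added example: verify that .git paths on your own site return 404
# once the RedirectMatch rule is in place.

# classify_status STATUS
#   404      -> "blocked" (the result the RedirectMatch rule should produce)
#   200      -> "exposed" (content is being served)
#   other    -> "check"   (e.g. 403 or a connection error: not the expected 404)
classify_status() {
  case "$1" in
    404) echo "blocked" ;;
    200) echo "exposed" ;;
    *)   echo "check" ;;
  esac
}

# check_git_exposure BASE_URL
#   Prints one line per probed path and returns 0 only if all are blocked.
check_git_exposure() {
  local base="${1%/}" path status verdict rc=0
  for path in /.git/ /.git/HEAD /.git/config; do
    # -L follows redirects so the final status code is the one reported
    status=$(curl -sL -o /dev/null -w '%{http_code}' --max-time 10 "${base}${path}")
    verdict=$(classify_status "$status")
    printf '%-14s %s %s\n' "$path" "$status" "$verdict"
    [ "$verdict" = "blocked" ] || rc=1
  done
  return "$rc"
}

# Runs only when a base URL is given, e.g.:
#   ./check-git.sh https://yourdomain.com
if [ "$#" -ge 1 ]; then
  check_git_exposure "$1"
fi
```

A non-zero exit status means at least one path did not return 404, so the rule is missing, not loaded, or not applied to that site.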