How to Secure Your .git Folders (Apache)
To check if your .git folder is public, navigate to the .git folder in a browser, for example: https://yourdomain.com/.git/
If presented with a directory listing, your .git folder is exposed to the internet and you should use one of the following methods to prevent public access to this sensitive information. These methods don’t indicate that the folders exist, they produce a 404 error.
If presented with a directory listing, your .git folder is exposed to the internet and you should use one of the following methods to prevent public access to this sensitive information. These methods don’t indicate that the folders exist, they produce a 404 error.
Create a Redirect using .htaccess
You will need to create or edit the file .htaccess and save it to the root of your web server, the file needs to include this line:
RedirectMatch 404 /\.git
Once the .htaccess file has been created or updated, save, exit your editor and restart apache:
systemctl reload apache2
Depending on your preference or access to the server, another method is to redirect using the Apache config file.
Create a Redirect using Apache
To create this redirect you will need to edit the Apache2 config file. If the package installer was used for Debian / Ubuntu systems, the file is found at /etc/apache2/apache2.conf and can be modified using a text editor to add the line below:
RedirectMatch 404 /.git
Restart Apache to apply the changes and activate the redirect:
systemctl reload apache2
Subscribe
Login
0 Comments
Oldest
Blue Haze v1.1.1
© 2024 Elite Star Services
ClassicPress v2.2.0