prevent apache from serving .git directory

How to Prevent Apache from Serving .git Directory

Apache is a popular web server used by millions of websites and applications. Often web development teams employ git version control system to manage their source code, and set up Apache to directory read files and data from git repository’s directory. Every git repository has a hidden .git directory that stores key information such as index, head, etc. Since Apache reads files from git repository’s folder, it is possible that Apache server ends up serving contents of .git directory. But .git directory is required only for repo management and it should not be visible via your website’s URLs. So you need to prevent Apache from serving .git directory. In this article, we will learn how to prevent Apache from serving .git directory. You can use it to block access to .git directory.


How to Prevent Apache from Serving .git Directory

To proceed with the following steps, you need to open .htaccess file of your Apache server. If you have not set up mod_rewrite/.htaccess on your Apache server yet, then follow step # 1 below, else skip to step #2.

1. Enable mod_rewrite

If you have already enabled mod_rewrite on your Apache server, you can skip this step. Otherwise, run the following commands as per your Linux distribution.

Ubuntu/Debian

$ sudo a2enmod rewrite

Redhat/CentOS/Fedora

Open Apache configuration file in a text editor.

$ sudo vi /etc/apache2/httpd.conf
OR
$ sudo vi /etc/httpd/httpd.conf

Look for the following line.

#LoadModule rewrite_module modules/mod_rewrite.so

Uncomment it by removing # at its beginning. If you don’t find this line, add it afresh.

Also look for the following Directory tag and change AllowOverride from None to All.

. . .
<Directory /var/www/html>
. . .
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
. . .
</Directory>
. . .

2. Open .htaccess file

Open terminal and run the following command to open .htaccess file in your website’s root folder. If your website root is located somewhere else, then please update the file path below as per your requirement.

$ sudo vi /var/www/html/.htaccess

3. Prevent .git directory

Add the following lines to prevent .git directory from being served.

<Directorymatch "^/.*/\.git/">
  Order 'deny,allow'
  Deny from all
</Directorymatch>

Save and close the file. The above code matches all URLs where directory name starts with ‘.git’ and blocks it, by returning 403 Access Forbidden response.

Alternatively, you can also add the following RedirectMatch directive to match and block URLs starting with .git. You can use response code as 404 (Page Not Found) or 403 (Access Forbidden) as per your requirement.

RedirectMatch 404 /\.git

4. Restart Apache Server

Restart Apache server to apply changes.

$ sudo service apache2 restart

In this article, we have learnt how to prevent apache from serving .git directory. It can be used to block access to .git directory.

Also read:

How to Check if String is Substring of Items in List
How to Check if Column is Empty or Null in MySQL
How to Modify MySQL Column to Allow Null
How to Schedule Multiple Cron Jobs in One Crontab
How to POST JSON Data in Python

Leave a Reply

Your email address will not be published. Required fields are marked *