Preventing access to .svn folders in Apache

When you use SVN to deploy your website on the apache server, in each folder everybody can access to the .svn subfolders. So it’s possible to get your code (even passwords…).
2 solutions can be used in the Apache config file :

<Files ".svn">
    Order allow,deny
    Deny from all
</Files>
<DirectoryMatch "/\.svn/">
    Order allow,deny
    Deny from all
</DirectoryMatch>

or

RedirectMatch 404 /\.svn(/|$)

I added the 2nd solution to my apache.conf and it works fine.

I fould them on http://www.subversionary.org/martintomes/preventing-access-to-svn-folders-in-apache

But if you are not the admin of your web server, you can just use a .htaccess file like that :

RewriteRule ^(.*/)?\.svn/ - [F,L]
ErrorDocument 403 "Accès interdit

I found this last line in http://maestric.com/fr/doc/programming/subversion

Leave a Reply

Your email address will not be published. Required fields are marked *