deny access to .git directory with Apache 2 on Debian

When you use GIT in order to deploy your website on an Apache web server, in everybody can access to the .git subfolder. Which means that it’s possible to get your source code (even passwords…).

Create a file name /etc/apache2/conf.d/denyGIT

# do not allow .git version control files to be issued
<Directorymatch "^/.*/\.git+/">
  Order deny,allow
  Deny from all
<Files ~ "^\.git">
    Order allow,deny
    Deny from all 

retart apache

/etc/init.d/apache restart

Leave a Reply

Your email address will not be published. Required fields are marked *