Tag Archives: apache

deny access to .git directory with Apache 2 on Debian

When you use GIT in order to deploy your website on an Apache web server, in everybody can access to the .git subfolder. Which means that it’s possible to get your source code (even passwords…).

Create a file name /etc/apache2/conf.d/denyGIT

# do not allow .git version control files to be issued
<Directorymatch "^/.*/\.git+/">
  Order deny,allow
  Deny from all
</Directorymatch>
<Files ~ "^\.git">
    Order allow,deny
    Deny from all 
</Files>

retart apache

/etc/init.d/apache restart

My DocumentRoot on Apache

Today Nicolas asked me to use a different root than /Library/Webserver/Documens/ his local websites.

He had “access forbidden” when using a symbolic link.

He found himself the solution, creating an alias :

Alias "/sxt" "/Volumes/DIVERS/projets/sxt/online/"
<Directory "/Volumes/DIVERS/projets/sxt/online/">
       Options Indexes FollowSymLinks MultiViews
       AllowOverride None
       Order allow,deny
       allow from all
</Directory>