Tag Archives: security

deny access to .git directory with Apache 2 on Debian

When you use GIT in order to deploy your website on an Apache web server, in everybody can access to the .git subfolder. Which means that it’s possible to get your source code (even passwords…).

Create a file name /etc/apache2/conf.d/denyGIT

# do not allow .git version control files to be issued
<Directorymatch "^/.*/\.git+/">
  Order deny,allow
  Deny from all
</Directorymatch>
<Files ~ "^\.git">
    Order allow,deny
    Deny from all 
</Files>

retart apache

/etc/init.d/apache restart