Tag Archives: website

deny access to .git directory with Apache 2 on Debian

When you use GIT in order to deploy your website on an Apache web server, in everybody can access to the .git subfolder. Which means that it’s possible to get your source code (even passwords…).

Create a file name /etc/apache2/conf.d/denyGIT

# do not allow .git version control files to be issued
<Directorymatch "^/.*/\.git+/">
  Order deny,allow
  Deny from all
<Files ~ "^\.git">
    Order allow,deny
    Deny from all 

retart apache

/etc/init.d/apache restart

Apache2 Mass Virtual Hosting

I’m preparing an IPv6 server to host all my projects. It’s so nice to start with a clean one.

First thing, I’ll use Apache2 with his wonderful Mass Virtual Hosting.
This will allow me to create a new web site named www.newwebsite.com only by creating the following directory : /home/hosts/www.newwebsite.com/

Nice isn’t it ?

I’m following this article: http://httpd.apache.org/docs/2.0/vhosts/mass.html

Here are all the command I used for Mass Hosting on Debian Etch:

root@strange:/etc/apache2/mods-enabled# ln -s ../mods-available/vhost_alias.load
mkdir /home/websites
mkdir /home/websites/www.example.com
mkdir /home/websites/www.example.com/online (for my online files)
mkdir /home/websites/www.example.com/offline (where I keep documents about the website)

Then I just replaced the content of /etc/apache2/sites-enabled/000-default by:

# get the server name from the Host: header
UseCanonicalName Off
# this log format can be split per-virtual-host based on the first field
LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
CustomLog /var/log/apache2/access_log vcommon
# include the server name in the filenames used to satisfy requests
VirtualDocumentRoot /home/websites/%0/online
VirtualScriptAlias /home/websites/%0/cgi-bin

Here we are… just have to configure www.example.com’s IP

Next step : SVN Server. I’ll keep a backup of every versions of my projects…