Make .git directory web inaccessible

Create a .htaccess file in the .git folder and put the following in this file:

Order allow,deny
Deny from all

But note that it would be lost if you ever re-cloned the repository.


Put this in an .htaccess file at the root of your web server:

RedirectMatch 404 /\.git

This solution is robust and secure: it

  • works for all .git directories in your site, even if there is more than one,
  • also hides other Git files like .gitignore and .gitmodules,
  • works even for newly-added .git directories, and
  • doesn't even give away the fact that the directories exist.
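
An audit sketch for the two approaches above, added here as an example and not taken from any of the answers: it walks a document root, lists every Git-related entry, and reports whether the root-level `RedirectMatch 404 /\.git` pattern matches its URL path and whether a `.git` directory carries its own .htaccess. The function names and the sample tree are constructed for illustration, and the check is static: it assumes the root .htaccess is actually honoured by the server.

```python
import os
import re
import tempfile

# Pattern from the root-level rule `RedirectMatch 404 /\.git`.
# RedirectMatch applies an unanchored regex to the URL path.
ROOT_RULE = re.compile(r"/\.git")


def audit_docroot(docroot):
    """Return {url_path: {"root_rule": bool, "local_htaccess": bool}} for every
    entry under docroot whose name starts with ".git"."""
    findings = {}
    for current, dirs, files in os.walk(docroot):
        for name in sorted(dirs + files):
            if not name.startswith(".git"):
                continue
            full = os.path.join(current, name)
            url_path = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
            findings[url_path] = {
                # Would the single root rule answer 404 for this path?
                "root_rule": ROOT_RULE.search(url_path) is not None,
                # Per-directory protection only exists if someone created it.
                "local_htaccess": os.path.isdir(full)
                and os.path.isfile(os.path.join(full, ".htaccess")),
            }
        # Do not descend into .git itself; one finding per repository is enough.
        dirs[:] = [d for d in dirs if d != ".git"]
    return findings


def build_sample_tree(root):
    """Constructed sample document root: two repositories, one of them nested
    and without its own .htaccess (as after a fresh clone)."""
    for rel in (".git", "blog/.git", "blog/assets"):
        os.makedirs(os.path.join(root, rel))
    for rel in (".gitignore", "blog/.gitmodules", "index.html",
                ".git/HEAD", ".git/.htaccess", "blog/.git/HEAD"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path, result in sorted(audit_docroot(root).items()):
            print(path, result)
```

On the sample tree every entry is matched by the root rule, while only the top-level .git has a local .htaccess; the nested blog/.git is the case the per-directory approach misses.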

Both .htaccess and permissions on the .git/ folder would work. I recommend the former:

<Directory .git>
    order allow,deny
    deny from all
</Directory>