Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Make .git directory web inaccessible

People also ask

Are .git files hidden?

git folder is hidden to prevent accidental deletion or modification of the folder. The version history of the code base will be lost if this folder is deleted.

Can I remove the .git folder?

Command line Git repository delete Just run the rm command with the -f and -r switch to recursively remove the . git folder and all of the files and folders it contains. This Git repo remove command also allows you to delete the Git repo while allowing all of the other files and folder to remain untouched.

Is the .git folder pushed to remote?

the . git folder contains local configurations and informations, so it's not on the remote server.


Put this in an .htaccess file at the root of your web server:

RedirectMatch 404 /\.git

This solution is robust and secure: it

  • works for all .git directories in your site, even if there are more than one,
  • also hides other Git files like .gitignore and .gitmodules
  • works even for newly-added .git directories, and
  • doesn't even give away the fact that the directories exist.

Create a .htaccess file in the .git folder and put the following in this file:

Order allow,deny
Deny from all

But note, that it would be lost if you ever re-cloned the repository


Both .htaccess and permissions on the .git/ folder would work. I recommend the former:

<Directory .git>
    order allow,deny
    deny from all
</Directory>

I didn't want to muck around in the .git directory and wasn't able to get Bennett's solution to work on Apache 2.2, but adding the following to my <VirtualHost> configuration worked:

RewriteRule ^.*\.git.* - [R=404]

A more robust and simple option would be disabling the READ and Execution permission of the .git directory.

Since mostly Apache (httpd) runs under a special user account, for example, it runs as user apache on CentOS, while the .git directory must be created under a real user account, so we can simply block the access by changing the permission. Moreover, this approach doesn't introduce any new file, nor affect the git commands.

The command can be:

chmod -R o-rx .git