v5rsyq
Last Updated: February 25, 2016
·
885
· magnetikonline
Df1412e1775840374894798d5ed9a7ea

Hide your git on web servers

Deploying your sites via a git pull is the new black these days - which is all cool, but you don't want the public snooping your .git/, .gitignore and .gitmodules areas over your web server.

For nginx, add the following location to your sites managed under this method to 403 such requests:

location ~ "\.git($|/|attributes$|ignore$|modules$)" {
    return 404;
}

Stay safe!

Say Thanks
Respond

1 Response
Add your response

4071
D42a7264714dee5006b9c99d2567a320

Alternatively, it can make sense to init your repo one level above your web server root. Most hostings have the following subdirectories for each virtual host:

cgi-bin   # not accessible via http
tmp        # not accessible via http
www      # web root

Because you may have some scripts (e.g. cron jobs) running outside of www that are also part of the project.

over 1 year ago ·
Filed Under