Last Updated: February 25, 2016

Hide your git on web servers

Deploying your sites via a git pull is the new black these days - which is all cool, but you don't want the public snooping your .git/, .gitignore and .gitmodules areas over your web server.

For nginx, add the following location to your sites managed under this method to 403 such requests:

location ~ "\.git($|/|attributes$|ignore$|modules$)" {
    return 404;
}

Stay safe!

#security

#nginx

#git

Written by Peter Mescalchin

Say Thanks

Respond

Related protips

Goodbye PHP Sessions, Hello JSON Web Tokens

229.9K

GPG: Change email for key in PGP key servers

39.8K

Redirect authenticated user on anonymous pages in Symfony

31.83K

1 Response

Add your response

dpashkevich

Alternatively, it can make sense to init your repo one level above your web server root. Most hostings have the following subdirectories for each virtual host:

cgi-bin   # not accessible via http
tmp        # not accessible via http
www      # web root

Because you may have some scripts (e.g. cron jobs) running outside of www that are also part of the project.

over 1 year ago ·

Have a fresh tip? Share with Coderwall community!

Post

Post a tip

Best #Security Authors

229.5K

w0ng

39.45K

31.68K

jasny

26.21K

26.07K

Related Tags

Filed Under

Awesome Job

Post a job for only $299

#native_title# #native_desc#

#native_cta#

Hide your git on web servers

Written by Peter Mescalchin

Related protips

Goodbye PHP Sessions, Hello JSON Web Tokens

GPG: Change email for key in PGP key servers

Redirect authenticated user on anonymous pages in Symfony

1 Response Add your response

Have a fresh tip? Share with Coderwall community!

1 Response

Add your response