Hide your git on web servers
Deploying your sites via a git pull is the new black these days - which is all cool, but you don't want the public snooping your .git/, .gitignore and .gitmodules areas over your web server.
For nginx, add the following location block to the sites you deploy this way to deny such requests (the block as written answers with a 404):
location ~ "\.git($|/|attributes$|ignore$|modules$)" {
    return 404;
}
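To see exactly which request paths the regex above covers, this added example (not part of the original tip) runs the same pattern over constructed paths in Python. The names `normalize` and `is_blocked` and the sample paths are assumptions for illustration, and the normalization only approximates what nginx does to the URI before location matching.

```python
import posixpath
import re
from urllib.parse import unquote

# The regex from the location block above. nginx's "~" modifier is a
# case-sensitive, unanchored search; re.search behaves the same for this pattern.
GIT_LOCATION = re.compile(r"\.git($|/|attributes$|ignore$|modules$)")


def normalize(raw_path):
    """Approximate nginx URI normalization: drop the query string,
    percent-decode, resolve "." and "..", merge repeated slashes."""
    path = unquote(raw_path.split("?", 1)[0])
    trailing = path.endswith("/")
    path = posixpath.normpath("/" + path.lstrip("/"))
    return path + "/" if trailing and path != "/" else path


def is_blocked(raw_path):
    """True if the location block would catch (and refuse) this request."""
    return GIT_LOCATION.search(normalize(raw_path)) is not None


# Constructed sample request paths, not taken from any real log.
SAMPLES = [
    "/.git/config",               # repository metadata
    "/.git",                      # bare directory name
    "/blog/.gitmodules",          # nested checkout
    "/.gitattributes",            # covered by the regex, not named in the text
    "/%2egit/HEAD",               # percent-encoded dot is decoded first
    "/static//.git/HEAD",         # doubled slash is merged first
    "/repo.git/HEAD",             # unanchored: any name ending in .git
    "/.github/workflows/ci.yml",  # not matched: ".github" is a different name
    "/.gitignore.bak",            # not matched: backup copies slip past "ignore$"
    "/.GIT/config",               # not matched: "~" is case-sensitive
    "/index.html?next=/.git/",    # not matched: query string is ignored
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{'blocked' if is_blocked(p) else 'served':8} {p}")
```

The paths reported as `served` are the ones to think about: editor backup copies of these files, and differently-cased names on a case-insensitive filesystem, need their own rule or should not be in the web root at all.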
Stay safe!
Written by Peter Mescalchin
1 Response
Alternatively, it can make sense to init your repo one level above your web server root. Most hosting providers have the following subdirectories for each virtual host:
cgi-bin # not accessible via http
tmp # not accessible via http
www # web root
Because you may have some scripts (e.g. cron jobs) running outside of www that are also part of the project.
over 1 year ago