Can Github blog about the problem with having a .git inside a public html folder on an apache server? #126759
Unanswered
andytriboletti
asked this question in
Code Security
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Select Topic Area
Question
Body
Can Github blog about the problem with having a .git inside a public html folder on an apache server? Did this already happen and I missed it?
I found out my files were available in cleartext from the .git folder because I didn't have an .htaccess prohibiting it.
One way to do it is this line in .htaccess:
RedirectMatch 404 /.git
Another way I do it is not putting the git repository in the public_html folder, but one level up not being served by Apache.
I blogged here about it:
https://blog.greenrobot.com/2024/05/31/watch-out-for-problem-with-having-a-git-folder-inside-a-public-html-folder-on-an-apache-server/
Beta Was this translation helpful? Give feedback.
All reactions