Prevent access to .git/ directory

[clcain]

I installed phpVirtualBox from source and noticed that the .git/ directory was available publicly via HTTP. As this could be a security vulnerability, I figured it would be good to make sure to blacklist everything in .git/.

[trasherdk]

One could argue that you should not run phpVirtualBox out of your dev environment.

And, how could the contents of .git become an vulnerability?
Does that directory contain anything not available on github?

[clcain]

Just trying to prevent unexpected behavior. I would hope nothing private is in the git history, but I can imagine someone not being aware that their commits are being hosted along with the application.

[trasherdk]

I would be more concerned about the login being exposed to random drive-by hacking attempts.
Your installation should be protected by more than a simple login.

[h6w]

@trasherdk 's point is valid. A good sysadmin should protect it in multiple ways (My deployments aren't even accessible publicly but only via VPN/SSH/Virtual/Host/Local Network with 2FA.) However, @clcain 's point is that it's a possibility, and this is a simple fix, I'm going to allow it. Thanks for the suggestion!