Hide your git on web servers
Deploying your sites via a git pull is the new black these days - which is all cool, but you don't want the public snooping your .git/, .gitignore and .gitmodules areas over your web server.
For nginx, add the following location to your sites managed under this method to 403 such requests:
location ~ "\.git($|/|attributes$|ignore$|modules$)" {
return 404;
}Stay safe!
Written by Peter Mescalchin
Related protips
1 Response
Add your response
Add your response
Alternatively, it can make sense to init your repo one level above your web server root. Most hostings have the following subdirectories for each virtual host:
cgi-bin # not accessible via http
tmp # not accessible via http
www # web rootBecause you may have some scripts (e.g. cron jobs) running outside of www that are also part of the project.
over 1 year ago
·
Have a fresh tip? Share with Coderwall community!
Post
Post a tip
Best
#Security
Authors
Sponsored by #native_company# — Learn More
#native_title#
#native_desc#