Deny access to .svn folders on Apache

The best option is to use Apache configuration.

Using htaccess or global configuration depends mainly on if you control your server.

If you do, you can use something like

<DirectoryMatch .*\.svn/.*>    Deny From All</DirectoryMatch>

If you don't, you can do something similar in .htaccess files with FilesMatch

svn apache deployment capistrano

One other way to protect the .svn files would be to use a redirect in the Apache config:

RedirectMatch 404 /\\.svn(/|$)

So instead of getting a 403 forbidden (and providing clues to would be attackers) you get a 404, which is what we would expect when randomly typing in paths.

svn apache deployment capistrano

I do not like the idea of 404ing each file startig wit a dot.I'd use a more selective approach, either with the cvs I'm using in the project (svn in the example)

RedirectMatch 404 /\\.svn(/|$)

or a catch all cvs systems

RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$)

-- outdated answer follows (see comments) --

I cant write comments yet so...The answer of csexton is incorrect, because an user cannot access the .svn folder, but can access any files inside it !e.g. you can accesshttp://myserver.com/.svn/entries

The correct rule is

RedirectMatch 404 /\\.svn(/.*|$)

CodeHunter

Deny access to .svn folders on Apache

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last