Make .git directory web inaccessible

git .htaccess apache2
Chris Muench picture Chris Muench · May 26, 2011 · Viewed 53k times · Source

I have a website that I use github (closed source) to track changes and update site. The only problem is, it appears the .git directory is accessible via the web. How can I stop this and still be able to use git?

Should I use .htaccess? Should I change permissions of .git?

Answer

Bennett McElwee picture Bennett McElwee · Jul 29, 2013

Put this in an .htaccess file at the root of your web server:

RedirectMatch 404 /\.git

This solution is robust and secure: it

  • works for all .git directories in your site, even if there are more than one,
  • also hides other Git files like .gitignore and .gitmodules
  • works even for newly-added .git directories, and
  • doesn't even give away the fact that the directories exist.

Related questions

How do I undo the most recent local commits in Git?

I accidentally committed the wrong files to Git, but didn't push the commit to the server yet. How can I undo those commits from the local repository?

Read More
How do I delete a Git branch locally and remotely?

I want to delete a branch both locally and remotely. Failed Attempts to Delete a Remote Branch $ git branch -d remotes/origin/bugfix error: branch 'remotes/origin/bugfix' not found. $ git branch -d origin/bugfix error: branch 'origin/bugfix' not …

Read More
How do I revert a Git repository to a previous commit?

How do I revert from my current state to a snapshot made on a certain commit? If I do git log, then I get the following output: $ git log commit a867b4af366350be2e7c21b8de9cc6504678a61…

Read More