Deny access to .svn folders on Apache

csexton picture csexton · Dec 29, 2008 · Viewed 33.7k times · Source

We have a rails application in subversion that we deploy with Capistrano but have noticed that we can access the files in '/.svn', which presents a security concern.

I wanted to know what the best way to do this. A few ideas:

  • Global Apache configuration to deny access
  • Adding .htaccess files in the public folder and all subfolders
  • Cap task that changes the permissions

I don't really like the idea of deleting the folders or using svn export, since I would like to keep the 'svn info' around.

Answer

Vinko Vrsalovic picture Vinko Vrsalovic · Dec 29, 2008

The best option is to use Apache configuration.

Using htaccess or global configuration depends mainly on if you control your server.

If you do, you can use something like

<DirectoryMatch .*\.svn/.*>
    Deny From All
</DirectoryMatch>

If you don't, you can do something similar in .htaccess files with FilesMatch