deny access to .git folder by default
I think it would be great if you could prevent access to .git folders that are usually left exposed by users in the server when building the vhost templates.
It's very common that users forget to remove credentials and other sensitive information from their repositories, so by leaving the folder exposed it's possible for an attacker to gain access to this sensitive information.
Currently we manually protect those folders when we spot them but it would be nice if this was implemented from the start.
For example, in nginx the following rule could be used:
    # The dot is escaped so the regex matches a literal "/.git" in the request path
    location ~ /\.git {
        deny all;
    }
For Apache, something like this:
    # Apache 2.2 access-control syntax; on Apache 2.4 the equivalent is "Require all denied"
    <DirectoryMatch "^/.*/\.git/">
        Order deny,allow
        Deny from all
    </DirectoryMatch>
-
Gabriel T commented
You could at least give us a way to add custom directives globally for all sites on the vhost template itself. You could modify it to be able to include configuration files from the vhost it's related to.
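Added example, not part of the original request or the comment and not code from the product discussed: a sketch of the manual "spot them" step the request describes, walking a web root for `.git` directories and flagging any whose `config` stores a remote URL with an embedded credential. The function names, the sample tree, and the host `git.example.com` are constructed for illustration.

```python
import os
import re
import tempfile

# A remote URL of the form scheme://user:secret@host keeps a credential in .git/config.
CRED_URL = re.compile(r"^\s*url\s*=\s*\w+://[^/\s:@]+:[^/\s@]+@", re.MULTILINE)


def _config_has_credential(git_dir):
    """True if <git_dir>/config contains a remote URL with user:secret@ userinfo."""
    try:
        with open(os.path.join(git_dir, "config"), encoding="utf-8", errors="replace") as fh:
            return bool(CRED_URL.search(fh.read()))
    except OSError:
        return False  # missing or unreadable config: nothing to flag


def find_git_dirs(web_root):
    """Return sorted (relative_path, has_embedded_credential) for each .git dir under web_root."""
    findings = []
    for current, dirs, _files in os.walk(web_root):
        if ".git" in dirs:
            git_dir = os.path.join(current, ".git")
            rel = os.path.relpath(git_dir, web_root)
            findings.append((rel, _config_has_credential(git_dir)))
            dirs.remove(".git")  # do not descend into the repository's object store
    return sorted(findings)


def build_sample_root():
    """Constructed sample tree: two sites that shipped a .git folder, one that did not."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "site-a/public_html/.git/config":
            '[remote "origin"]\n\turl = https://deploy:EXAMPLE-TOKEN@git.example.com/a.git\n',
        "site-b/public_html/app/.git/config":
            '[remote "origin"]\n\turl = git@git.example.com:b.git\n',
        "site-c/public_html/index.html": "<h1>ok</h1>\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, has_cred in find_git_dirs(build_sample_root()):
        print(f"{rel}  embedded-credential={has_cred}")
```

Every path it reports is a directory the deny rules above would need to cover; a `True` in the second column means the stored credential should be rotated, not just hidden.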