Turn Your Vehicle Into a Smart Earning Asset

While you’re not driving your car or bike, it can still be working for you. MOTOSHARE helps you earn passive income by connecting your vehicle with trusted renters in your city.

🚗 You set the rental price
🔐 Secure bookings with verified renters
📍 Track your vehicle with GPS integration
💰 Start earning within 48 hours

Join as a Partner Today

It’s simple, safe, and rewarding. Your vehicle. Your rules. Your earnings.

DevSecOps

How to Secure .git repo repository files and directory web inaccessible

February 1, 2022 1 Comment

Many times, people use git repository to host website in productions by clone-push-pull but it has one drawbacks, it appears the .git directory is accessible via the web. How we can prevent this? Here there are 2 ways which are recommended given below;

  • One redirects to a 404 aka to issue a 404 (w/ mod_rewrite):
  • Redirect it to the domain root

Code Verified in June 2025

To be done in .htaccess in the website main directory

# Safely block all access to .git and related files
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteRule (^|/)\.git(/|$) - [F,L]
  RewriteRule (^|/)\.gitignore$ - [F,L]
  RewriteRule (^|/)\.gitmodules$ - [F,L]
</IfModule>Code language: HTML, XML (xml)

Summary Table

OptionSecuritySite works?SEO SafeRecommended?
Block Only (.git etc.)✅ Strong✅ Yes✅ Yes✅ Yes
Redirect Everything❌ Bad❌ No❌ No❌ No
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.git+ - [R=404,L]
</IfModule>
# Second line of defense (if no mod_rewrite)
RedirectMatch 404 ^(.*/)?\.git+


# Make .git files and directory web inaccessible
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.git+ - [R=404,L]
# Redirect all traffic to the home page
RewriteCond %{REQUEST_URI} !^/$
RewriteRule ^ / [R=301,L]
</IfModule>

# Second line of defense (if no mod_rewrite)
RedirectMatch 404 ^(.*/)?\.git+

# Redirect all traffic to the home page (if no mod_rewrite)
RedirectMatch 301 ^(.*)$ /
Code language: PHP (php)

How to download .git repo from public website?

$ wget --mirror -I .git https://www.domain.com/.git/ --no-check-certificate
$ wget --mirror -I .git https://www.domain.com/.git/Code language: JavaScript (javascript)
Subscribe
Notify of
guest
1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
RustyNox
RustyNox
2 years ago

But why not deploy .git directory at all, then you can also skip ssh auth on production nightmare, etc.
main.yml

name: Deploy Source Files

on:
 push:
  branches:
   - main

jobs:
 deploy:
  runs-on: ubuntu-latest

  steps:
   - name: Checkout Repository
    uses: actions/checkout@v2

   - name: Copy Source Files
    run: |
     rsync -av --exclude='.git' --exclude='.github' ${{ github.workspace }}/ /path/to/production/server/

0

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification, SRE Certification, and DevSecOps Certification by DevOpsSchool

Explore our DevOps Certification, SRE Certification, and DevSecOps Certification programs at DevOpsSchool. Gain the expertise needed to excel in your career with hands-on training and globally recognized certifications.

1
0
Would love your thoughts, please comment.x
()
x