Hide Git Repos on Public Sites – David Egan
Apacheセキュリティ設定 #CentOS - Qiita
#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
#<DirectoryMatch "/\.svn">
# Require all denied
#</DirectoryMatch>
Ubuntu /etc/apache2/conf-enabled/security.conf
https://www.cnet.com/tech/computing/apache-security-quotleak-quot-noted-with-dsstore-files/
# Disallow browsing of Subversion working copy administrative dirs.
<DirectoryMatch "^/.*/\.svn/">
Order deny,allow
Deny from all
</DirectoryMatch>
https://subversion.apache.org/faq.html#website-auto-update
https://stackoverflow.com/a/36714726
2.4
<DirectoryMatch "^/.*/\.svn/">
Require all denied
</DirectoryMatch>
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package(|-lock)\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
https://www.drupal.org/files/issues/2023-07-25/htaccess-package-lock-fix.patch