apache security セキュリティ設定

Hide Git Repos on Public Sites – David Egan

Apacheセキュリティ設定 #CentOS - Qiita

#
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
# probably deny access to their directories. For example, for subversion:
#
#<DirectoryMatch "/\.svn">
#   Require all denied
#</DirectoryMatch>

Ubuntu /etc/apache2/conf-enabled/security.conf

https://www.cnet.com/tech/computing/apache-security-quotleak-quot-noted-with-dsstore-files/

# Disallow browsing of Subversion working copy administrative dirs.
# This is the Apache 2.2 access-control syntax (Order/Deny). On Apache 2.4
# these directives are only available through mod_access_compat; the native
# 2.4 form is "Require all denied".
# The pattern names only ".svn", so other version-control metadata
# directories (for example ".git") are not covered and need their own rule.
<DirectoryMatch "^/.*/\.svn/">
    # Deny rules are evaluated before Allow rules; with no Allow rule present,
    # "Deny from all" rejects every client.
    Order deny,allow
    Deny from all
</DirectoryMatch>

https://subversion.apache.org/faq.html#website-auto-update

https://stackoverflow.com/a/36714726

Apache 2.4:

# Apache 2.4 form of the Subversion rule: mod_authz_core's "Require all denied"
# refuses every request that maps into a directory matching the pattern.
# Only ".svn" is matched; ".git" and other version-control metadata
# directories are not covered by this rule.
<DirectoryMatch "^/.*/\.svn/">
  Require all denied
</DirectoryMatch>
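# Deny direct HTTP access to files that should never be served: source and
# template extensions (optionally followed by an editor/backup suffix),
# dotfiles other than ".well-known", CVS metadata names, dependency manifests
# and lockfiles, Emacs autosave files ("#name#") and backup copies of .php files.
# NOTE(review): the excerpt on this page stops before the closing tag; it is
# restored below so the section parses when copied into a configuration.
<FilesMatch "\.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config|yarn\.lock|package(|-lock)\.json)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
   # The deny is wrapped in IfModule: on a server without mod_authz_core
   # (e.g. Apache 2.2) this section as shown denies nothing, so such a server
   # needs its own fallback rule.
   <IfModule mod_authz_core.c>
     Require all denied
   </IfModule>
</FilesMatch>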

https://www.drupal.org/files/issues/2023-07-25/htaccess-package-lock-fix.patch