Prevent GIT folder access in Apache

Every developer should know that it is bad practice to host the GIT folder on your site. Even though it is a hidden folder and Apache by default doesn't list its contents, hackers can easily steal data from it.

Still, it can happen that a lazy upload brings the GIT folder along with the uploaded files.

One of our fellow white hat hackers made me aware of this (thanks!

To prevent any data leaks I adjusted the Apache configuration so that it will not serve files inside the .git folders.

Steps to prevent Apache from serving the GIT folder:

vi /etc/httpd/conf/httpd.conf

At the bottom, add:

# Block GIT access
RedirectMatch 404 /\.git
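
A way to check a document root for uploaded .git folders and confirm that the rule above covers each one, as an added example that is not part of the original post. The function names and the sample directory tree are constructed for illustration; the regex is the one from the RedirectMatch line, which Apache applies unanchored to the URL path.

```python
import os
import re
import tempfile

# Same regex as the RedirectMatch rule; it may match anywhere in the URL path.
BLOCK_RULE = re.compile(r"/\.git")

def find_git_dirs(docroot):
    """Return the URL paths of every .git directory under docroot, sorted."""
    found = []
    for current, dirs, _files in os.walk(docroot):
        if ".git" in dirs:
            rel = os.path.relpath(os.path.join(current, ".git"), docroot)
            found.append("/" + rel.replace(os.sep, "/"))
            dirs.remove(".git")  # no need to descend into the repository itself
    return sorted(found)

def is_blocked(url_path):
    """True if the rule would answer this URL path with a 404."""
    return BLOCK_RULE.search(url_path) is not None

def audit(docroot):
    """Map each stray .git directory URL to whether the rule covers it."""
    return {p + "/": is_blocked(p + "/") for p in find_git_dirs(docroot)}

def build_sample_docroot():
    """Constructed sample tree: one .git at the top level, one nested deeper."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in (".git", "shop/plugins/.git", "css"):
        os.makedirs(os.path.join(root, *rel.split("/")))
    return root

if __name__ == "__main__":
    root = build_sample_docroot()
    for url, blocked in audit(root).items():
        print(("blocked " if blocked else "EXPOSED ") + url)
    # The unanchored pattern also hides other names that start with .git:
    print(is_blocked("/.gitignore"), is_blocked("/index.html"))
```

Run against a real document root, every path that find_git_dirs returns is a folder that should be removed from the server; the rule only stops Apache from serving it.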