安全性:拒绝访问用mod_rewrite .hg / * [英] Security: Deny access to .hg/* via mod_rewrite
问题描述
我的网站是一个多subrepositories一个变幻无常的存储库。我要确保我拒绝访问服务器上的所有文件中的每一个.hg目录。
My website is a mercurial repository with multiple subrepositories. I need to make sure I'm denying access to all files in every .hg directory on the server.
例如,我有 http://example.com/.hg/
和 http://example.com/subrepo1/。 HG /
我添加以下为.htaccess:
I've added the following to .htaccess:
<Files ~ "^\.(hg|ht)">
Order allow,deny
Deny from all
</Files>
这是一个良好的开端,因为它拒绝访问文件 .hg
和 .HT
开始,但它不拒绝访问里面的文件 .hg
目录中,所以如果有人类型,例如 http://example.com/.hg /支
,该分支的文件将显示在他们的浏览器。
This is a good start, as it denies access to files beginning with .hg
and .ht
, but it doesn't deny access to the files inside .hg
directories, so if someone types, for instance http://example.com/.hg/branch
, the branch file will be displayed in their browser.
我需要什么做才能确保这些文件没有显示给用户?我想送无论是403还是404回浏览器,如果有人试图访问我的服务器中的任何 .hg
目录中的文件。
What do I need to do in order to make sure these files are not displayed to the user? I'd like to send either a 403 or a 404 back to the browser if someone tries to access a file inside any .hg
directory on my server.
这问题也是有关的人,其网站是一个颠覆/ svn库。
This question is also relevant for anyone whose website is a subversion / svn repository.
推荐答案
如果你不这样做的有无的使用的mod_rewrite
,那么你可以只是这样做:
If you don't have to use mod_rewrite
, then you can just do this:
RedirectMatch 404 /\\.hg(/|$)
(全面披露:答案适用于水银从这个问题做同样的事情,Subversion的)。
(Full disclosure: answer adapted for Mercurial from this question about doing the same thing for Subversion).
这篇关于安全性:拒绝访问用mod_rewrite .hg / *的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!