安全性：拒绝访问用mod_rewrite .hg / * [英] Security: Deny access to .hg/* via mod_rewrite

问题描述

我的网站是一个多subrepositories一个变幻无常的存储库。我要确保我拒绝访问服务器上的所有文件中的每一个.hg目录。

My website is a mercurial repository with multiple subrepositories. I need to make sure I'm denying access to all files in every .hg directory on the server.

例如，我有 http://example.com/.hg/ 和 http://example.com/subrepo1/。 HG /

我添加以下为.htaccess：

I've added the following to .htaccess:

<Files ~ "^\.(hg|ht)">
    Order allow,deny
    Deny from all
</Files>

这是一个良好的开端，因为它拒绝访问文件 .hg 和 .HT 开始，但它不拒绝访问里面的文件 .hg 目录中，所以如果有人类型，例如 http://example.com/.hg /支，该分支的文件将显示在他们的浏览器。

This is a good start, as it denies access to files beginning with .hg and .ht, but it doesn't deny access to the files inside .hg directories, so if someone types, for instance http://example.com/.hg/branch, the branch file will be displayed in their browser.

我需要什么做才能确保这些文件没有显示给用户？我想送无论是403还是404回浏览器，如果有人试图访问我的服务器中的任何 .hg 目录中的文件。

What do I need to do in order to make sure these files are not displayed to the user? I'd like to send either a 403 or a 404 back to the browser if someone tries to access a file inside any .hg directory on my server.

这问题也是有关的人，其网站是一个颠覆/ svn库。

This question is also relevant for anyone whose website is a subversion / svn repository.

推荐答案

如果你不这样做的有无的使用的mod_rewrite ，那么你可以只是这样做：

If you don't have to use mod_rewrite, then you can just do this:

RedirectMatch 404 /\\.hg(/|$)

（全面披露：答案适用于水银从这个问题做同样的事情，Subversion的）。

(Full disclosure: answer adapted for Mercurial from this question about doing the same thing for Subversion).

这篇关于安全性：拒绝访问用mod_rewrite .hg / *的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！