如何在 Apache 中隐藏目录,特别是源代码控制? [英] How do I hide directories in Apache, specifically source-control?
问题描述
我想让我的网站保持版本控制(特别是 Subversion),并在有稳定版本更新时使用 svn co 来更新它,但我担心这样做的安全性所以,因为所有的 .svn 文件夹都将是公开的,其中包括各种私人数据,其中最重要的是我网站的完整源代码!
I want to keep my website/s in version control (Subversion specifically) and use svn co to update it when there are stable versions to update, but I'm concerned about the security of doing so, as all the .svn folders will be public, and these include all sorts of private data, not least of which is complete source code to my website!
我可以做些什么来防止这种情况发生?
Is there anything I can I do to prevent this?
推荐答案
两件事:
不要将 IfModule 用于您需要提供的功能.可以为自动索引执行此操作,因为它可能不存在并且对方案并不重要.但是您指望存在重写以保护您的内容.因此,最好删除 IfModule 指令并让 apache 告诉您何时不存在重写以启用它(或者至少知道您不会受到保护"并有意识地注释这些行)
Do not use IfModule for functionality you need to be present. It's okay to do it for the autoindex because it might not be present and is not crucial to the scheme. But you are counting on rewrite being present to protect your content. Thus, it's better to remove the IfModule directive and let apache tell you when rewrite is not present for you to enable it (or at least know that you won't be 'protected' and consciously comment the lines)
如果您可以访问主要配置文件,则无需在那里使用重写,其中之一会更容易
No need to use rewrite there if you have access to main configuration files, much easier would be one of
<DirectoryMatch \.svn>
Order allow,deny
Deny from all
</DirectoryMatch>
这将生成 403 Forbidden(从 HTTP 合规性的角度来看更好)或者,如果您想通过默默无闻的路线来确保安全,请使用 AliasMatch
which will generate 403 Forbidden (which is better from HTTP compliance point of view) or, if you want to take the security by obscurity route, use AliasMatch
AliasMatch \.svn /non-existant-page
如果您无权访问主要配置文件,则只能希望在 .htaccess 中启用 mod_rewrite 以供使用.
If you don't have access to main configuration files you're left with hoping mod_rewrite is enabled for usage in .htaccess.
这篇关于如何在 Apache 中隐藏目录,特别是源代码控制?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
