How to Secure .git repo repository files and directory web inaccessible

Many times, people use git repository to host website in productions by clone-push-pull but it has one drawbacks, it appears the .git directory is accessible via the web. How we can prevent this? Here there are 2 ways which are recommended given below;

• One redirects to a 404 aka to issue a 404 (w/ mod_rewrite):
• Redirect it to the domain root

Code Verified in Nov 2023

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.git+ - [R=404,L]
</IfModule>
# Second line of defense (if no mod_rewrite)
RedirectMatch 404 ^(.*/)?\.git+


# Make .git files and directory web inaccessible
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*/)?\.git+ - [R=404,L]
# Redirect all traffic to the home page
RewriteCond %{REQUEST_URI} !^/$
RewriteRule ^ / [R=301,L]
</IfModule>

# Second line of defense (if no mod_rewrite)
RedirectMatch 404 ^(.*/)?\.git+

# Redirect all traffic to the home page (if no mod_rewrite)
RedirectMatch 301 ^(.*)$ /

How to download .git repo from public website?

$ wget --mirror -I .git https://www.domain.com/.git/ --no-check-certificate
$ wget --mirror -I .git https://www.domain.com/.git/

• Author
• Recent Posts

Follow me

Rajesh Kumar

Mentor for DevOps - DevSecOps - SRE - Cloud - Container & Micorservices at Software AG

Join my following certification courses...
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/

My Linkedin - https://www.linkedin.com/in/rajeshkumarin

Follow me

Latest posts by Rajesh Kumar (see all)

• Best AI tools for Software Engineers - November 4, 2024
• Installing Jupyter: Get up and running on your computer - November 2, 2024
• An Introduction of SymOps by SymOps.com - October 30, 2024