你如何隐藏 .git 项目目录?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2999353/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do you hide .git project directories?
提问by Xeoncross
Now that I have nginx setup I need to be able to hide my .gitdirectories. What kind of rewrite would I need to stop prying eyes? And where in the server {}or http {}block would it go?
现在我已经安装了 nginx,我需要能够隐藏我的.git目录。我需要什么样的重写才能停止窥探?它会在server {}orhttp {}块中的哪个位置?
回答by rzab
http {
server {
location ~ /\.git {
deny all;
}
}
}
This locationdirective will deny access to any .gitdirectory in any subdirectory.
该location指令将拒绝访问.git任何子目录中的任何目录。
Note:This location block must be before your main location block, so that it can be evaluated first.
注意:此位置块必须在您的主位置块之前,以便可以首先对其进行评估。
回答by Jon Jaroker
Hidden directories and files should never be web accessible. The general answer to your question is:
隐藏的目录和文件永远不能通过网络访问。你的问题的一般答案是:
location ~ /\. { return 403; }
This denies access to .git, .svn, .htaccess and similar files in any subdirectory.
这拒绝访问任何子目录中的 .git、.svn、.htaccess 和类似文件。
回答by Oliver Maksimovic
With other solutions I could download /.git/configand others, just /.gitwas protected. This one denies everything starting with a dot, regardless how deep the requested URL is:
使用我可以下载的其他解决方案/.git/config和其他解决方案,只是/.git受到保护。这个拒绝所有以点开头的内容,无论请求的 URL 有多深:
location ~ /\.(.*)/?(.*)? {
return 404;
}
回答by user2300902
This will prevent someone from hitting the http://example.com/.gitbut if your working in a subdirectory like this http://example.com/example/.gitit will fail. You really need:
这将阻止某人访问http://example.com/.git,但如果您在这样的子目录中工作http://example.com/example/.git它将失败。你真的需要:
location ~ .*/\.git {
deny all;
}
