The best option is to use Apache configuration.

最好的选择是使用 Apache 配置。

Using htaccess or global configuration depends mainly on if you control your server.

使用 htaccess 或全局配置主要取决于您是否控制服务器。

If you do, you can use something like

如果你这样做，你可以使用类似的东西

<DirectoryMatch .*\.svn/.*>
    Deny From All
</DirectoryMatch>

If you don't, you can do something similar in .htaccess files with FilesMatch

如果不这样做，您可以使用 FilesMatch 在 .htaccess 文件中执行类似操作

One other way to protect the .svn files would be to use a redirect in the Apache config:

保护 .svn 文件的另一种方法是在 Apache 配置中使用重定向：

RedirectMatch 404 /\.svn(/|$)

So instead of getting a 403 forbidden (and providing clues to would be attackers) you get a 404, which is what we would expect when randomly typing in paths.

因此，您得到的不是 403 禁止（并提供可能是攻击者的线索），而是 404，这是我们在随机输入路径时所期望的。

I do not like the idea of 404ing each file startig wit a dot. I'd use a more selective approach, either with the cvs I'm using in the project (svn in the example)

我不喜欢用一个点对每个文件进行 404 处理的想法。我会使用更具选择性的方法，或者使用我在项目中使用的 cvs（示例中的 svn）

RedirectMatch 404 /\.svn(/|$)

or a catch all cvs systems

或捕获所有 cvs 系统

RedirectMatch 404 /\.(svn|git|hg|bzr|cvs)(/|$)

-- outdated answer follows (see comments) --

- 过时的答案如下（见评论）-

I cant write comments yet so... The answer of csexton is incorrect, because an user cannot access the .svn folder, but can access any files inside it ! e.g. you can access http://myserver.com/.svn/entries

我还不能写评论所以... csexton 的答案是不正确的，因为用户无法访问 .svn 文件夹，但可以访问其中的任何文件！例如，您可以访问 http://myserver.com/.svn/entries

The correct rule is

正确的规则是

RedirectMatch 404 /\.svn(/.*|$)

I think Riccardo Galli got it right. Even apache already had .svn setup as forbidden for me, but .svn/entries was certainly available...exposing my svn server, port number, usernames, etc.

我认为 Riccardo Galli 做对了。即使 apache 已经禁止我设置 .svn，但 .svn/entries 肯定是可用的……暴露我的 svn 服务器、端口号、用户名等。

I actually figure, why not restrict .git as a preventative measure (say you don't use git yet but may someday at which time you will not be thinking about directory restrictions).

我实际上想，为什么不限制 .git 作为一种预防措施（假设您还没有使用 git，但可能有一天您不会考虑目录限制）。

And then I thought, why not restrict everything that should be hidden anyway? Can anyone conceive of a problem with this?

然后我想，为什么不限制所有应该隐藏的东西呢？任何人都可以想到这个问题吗？

RedirectMatch 404 /\..*(/.*|$)

I added the '.*' after the initial period - only difference from Riccardo. Seems to 404 .svn, .git, .blah, etc.

我在初始阶段后添加了 '.*' - 与 Riccardo 的唯一区别。似乎是 404 .svn、.git、.blah 等。

I would rather deny access to all dot-files (eg: .htaccess, .svn, .xxx, etc.), as they normally don't need to be web-accessible.

我宁愿拒绝访问所有点文件（例如：.htaccess、.svn、.xxx 等），因为它们通常不需要可通过网络访问。

Here's the rule to achieve this (until Apache 2.2 included):

这是实现此目的的规则（直到包含 Apache 2.2）：

<LocationMatch "\/\..*">
    Order allow,deny
    Deny from all
</LocationMatch>

(UPDATE)Or you can use the following (which works in Apache 2.2 and 2.4):

（更新）或者您可以使用以下内容（适用于 Apache 2.2 和 2.4）：

# Deny access to dot-files, as 404 error
# (not giving hint about potential existence to the file)
RedirectMatch 404 ".*\/\..*"

This:

这个：

RedirectMatch permanent .*\.(svn|git|hg|bzr|cvs)/.* /

can also be used if you don't want to send an error back to the user.

如果您不想将错误发送回用户，也可以使用。

It's only redirecting back to the site rootpage. Also, this is a permanent redirect, so the robots won't try to reindex this URL.

它只是重定向回站点根页面。此外，这是一个永久重定向，因此机器人不会尝试重新索引此 URL。

Apache Subversion FAQ is sugesting this solution:

Apache Subversion 常见问题解答正在使用此解决方案：

# Disallow browsing of Subversion working copy administrative dirs.
<DirectoryMatch "^/.*/\.svn/">
    Order deny,allow
    Deny from all
</DirectoryMatch>

source: https://subversion.apache.org/faq.html#website-auto-update

来源：https: //subversion.apache.org/faq.html#website-auto-update

RedirectMatch like other directives from mod_alias is case sensitive even on case-insensitive file systems (see mod_alias documentation). So the answers above about matching and blocking files of all version control systems are not correct.

RedirectMatch 与来自 mod_alias 的其他指令一样，即使在不区分大小写的文件系统上也是区分大小写的（请参阅mod_alias 文档）。所以上面关于所有版本控制系统的匹配和阻止文件的答案是不正确的。

Instead of

代替

RedirectMatch 404 /\.(svn|git|hg|bzr|cvs)(/|$)

or

或者

RedirectMatch permanent .*\.(svn|git|hg|bzr|cvs)/.* /

something like this is necessary

这样的事情是必要的

RedirectMatch 404 "(?i)/\.?(cvs|svn|git|hg|bzr)"

to really block everything, because

真正阻止一切，因为

• CVS directories are uppercase; and
• don't start with a dot (.) in front.

• CVS 目录是大写的；和
• 不要以点 (.) 开头。

I hope that helps.

我希望这有帮助。

I seems to me, Apache conf should be :

在我看来，Apache conf 应该是：

<Directory ~ "\.svn">
    Order allow,deny
    Deny from all
</Directory>

I'm not all that fond of RedirectMatch, so I used a RewriteRule instead:

我不太喜欢 RedirectMatch，所以我使用了 RewriteRule：

RewriteRule /\..*(/.*|$) - [R=404,L]

The hyphen means "don't do any substitution". I also could not figure out why, in the examples above, the regex had two backslashes:

连字符的意思是“不要做任何替换”。我也无法弄清楚为什么在上面的例子中，正则表达式有两个反斜杠：

/\..*(/.*|$)

So I took one out and it works fine. I can't figure out why you would use two there. Someone care to enlighten me?

所以我拿出了一个，效果很好。我不明白为什么你会在那里使用两个。有人关心启发我吗？