[TASK] Disallow access to vcs directories 52/42152/2
author Philipp Gampe <philipp.gampe@typo3.org>
Wed, 29 Jul 2015 15:34:55 +0000 (17:34 +0200)
committer Markus Klein <markus.klein@typo3.org>
Thu, 30 Jul 2015 21:33:21 +0000 (23:33 +0200)
Access to vcs directories should be denied by default to avoid leaking
information to the outside that might have been accidentally committed
to a repository.
This does not affect the core as the version information is public by
license, but any repository containing configuration or third party
extensions.

Resolves: #68626
Releases: master,6.2
Change-Id: I4f3cb88e577f56ac71d882c8b11341da46a8b757
Reviewed-on: http://review.typo3.org/42152
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
_.htaccess

index 725ded7..2e06138 100644 (file)
@@ -314,6 +314,11 @@ AddDefaultCharset utf-8
        </IfModule>
 </FilesMatch>
 
+# Block access to vcs directories
+<IfModule mod_alias.c>
+       RedirectMatch 404 /\.(?:git|svn|hg)/
+</IfModule>
+
 ### End: Rewriting and Access ###
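
Review bot: The `<IfModule mod_alias.c>` wrapper around the new `RedirectMatch` makes the protection fail open: on a server without mod_alias the block is skipped silently and `.git/`, `.svn/` and `.hg/` stay reachable with nothing in the file to signal it. Since the commit message describes this as a default denial, consider either a fallback for that case (for example an equivalent rule under `<IfModule mod_rewrite.c>` such as `RewriteRule "(?:^|/)\.(?:git|svn|hg)/" - [R=404,L]`) or a comment stating that mod_alias is required for the rule to take effect. Two smaller points on the same lines: the pattern requires a trailing slash after the directory name, so it covers content inside the directories but not root-level files such as `.gitignore` or `.hgignore`, which is worth stating in the comment if intended; and the comment could note why 404 was chosen over 403, since that choice hides whether a VCS directory exists at all.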