n8gray.org: Protecting .svn directories

Protecting .svn directories

Wordpress 2.0.4 is out, and during the upgrade process I came to realize that I was potentially serving some unexpected content on my website. I’m using subversion to manage my installs of several web apps, and it turns out that the .svn directories that it litters about were actually accessible if you crafted a clever URL. I doubt this was much of a security problem, but it’s still something I’d rather fix.

The proper fix was slightly tricky, and it took a lot of searching to find help. I was trying to fix it in an .htaccess file, but the DirectoryMatch tag I needed isn’t allowed in .htaccess files for some reason. So in the end, here’s what I added to my httpd.conf file:

<DirectoryMatch "^/.*/\.svn/">
  Order deny,allow
  Deny from all
</DirectoryMatch>

September 5th, 2006 [Blogging] permalink TB

« Opera is Impressive! :: Stupid RAID tricks with EVMS and mdadm »

Search

Blog Categories

Archives

Links

Subscribe

Meta

Comments:


	n8blog distraction in action
	Home Blog Photos Research Code Links Contact Me Search Blog Categories Apple (41) OS X (35) Tips (9) Scripting (4) Blogging (11) blosxom (1) pyblosxom (1) Family (1) Gadgets (1) Hacking (10) C (1) Car (1) Hardware (2) OCaml (1) Music (2) Opinion (1) Photography (3) Projects (22) Backup-Bouncer (8) Forget-Me-Not (2) QLColorCode (4) ScriptExport (7) Utilities (1) Random (8) Unix (4) Ubuntu (1) Archives Links davidnoblet.com Mac OS X Hints R\|Mail The Rome Report WordPress yayfor.us Subscribe Blog Comments Meta Log in Protecting .svn directories Wordpress 2.0.4 is out, and during the upgrade process I came to realize that I was potentially serving some unexpected content on my website. I’m using subversion to manage my installs of several web apps, and it turns out that the .svn directories that it litters about were actually accessible if you crafted a clever URL. I doubt this was much of a security problem, but it’s still something I’d rather fix. The proper fix was slightly tricky, and it took a lot of searching to find help. I was trying to fix it in an .htaccess file, but the `DirectoryMatch` tag I needed isn’t allowed in .htaccess files for some reason. So in the end, here’s what I added to my httpd.conf file: <DirectoryMatch "^/./\.svn/"> Order deny,allow Deny from all </DirectoryMatch> September 5th, 2006 [Blogging] permalink TB « Opera is Impressive! :: Stupid RAID tricks with EVMS and mdadm » Comments: Leave a Comment Name (required) Mail (will not be published) (required) Website XHTML:* You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> Notify me of followup comments via e-mail Please type this word with the letters reversed: live