How to block .git in Apache, Nginx and Cloudflare?
A) Nginx
If you are using Nginx you can add the following location directive in nginx.conf file
location ~ /\.git {
deny all;
}
Alternatively, you can return a 404 error if you don't want an attacker to assume that you have .git on your server.
location ~ /\.git {
return 404;
}
In this case, the server will return an HTTP 404 status code.
Whatever you choose, remember to restart Nginx after changing the configuration.
> service nginx restart
B) Apache HTTP
Let's see how to block access to .git on Apache web server.
You can use RedirectMatch or DirectoryMatch for this.
Using RedirectMatch is probably the easiest.
You just need to add the following to your httpd.conf or .htaccess file.
RedirectMatch 404 /\.git
The above setting will give 404 when someone accesses .git and the following will show 403.
RedirectMatch 403 /\.git
Then let's try using the DirectoryMatch rule by adding the following to the httpd.conf file.
<DirectoryMatch "^/.*/\.git/">
Deny from all
</Directorymatch>
Restart Apache and try to access the url including .git; it will show the server a 403 Forbidden error.
C) Cloudflare
But as you can guess, this will only work if your site is running over the Cloudflare network.
Sign in to Cloudflare
Go to Firewall >> Firewall Rules >> Create a Firewall rule tab.
Name the rule - GIT
Select field –- URI
Operator - contains
Value - .git
Choose an action - Block and save
It will take approximately 1 minute to propagate the rule to all Cloudflare datacenters.
After that, Cloudflare will do the rest.
BY ABSHQ
