Created
June 10, 2013 12:58
-
-
Save jaxbot/5748513 to your computer and use it in GitHub Desktop.
Block nginx from serving .git directories
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
location ~ /\.git { | |
deny all; | |
} | |
# or, all . directories/files in general (including .htaccess, etc) | |
location ~ /\. { | |
deny all; | |
} |
Yes. I think it will be good to return 404
HTTP status code to let client side know requested resources are not found.
404 makes it such as if the resource is not even there. While otherwise h@ck0rs could potentially find files or directories by just looking at the HTTP status codes. Therefore, I do like 404
as well here.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Worth noting that
return 444;
just drops the connection (as far as I know) so, as @bsavelev mentioned, it might be better toreturn 404;
if you want it to look like.git
doesn't exist on the server.