How to block access to the .svn/entries on my webserver?

Question

I setup an NGINX webserver and use svn to manage project folder. Nessus found the weakness:

Configure permissions for the affected
web server to deny access to the
'.svn' directory.

How do I block access to the .svn directory? It seems that svn export is the more preferable way to checkout on the webserver, but it easier to me to use svn up.

score 8 · Answer 1 · answered Dec 18 '10 at 16:21

8

finally I found the right way to make it in nginx. Add to nginx.conf this lines in server {} definition:

    location ~ /.svn/ {
      deny all;
    }

That's all!

answered Dec 18 '10 at 16:21

Daniel

534
4
16

score 1 · Answer 2 · answered Nov 30 '10 at 15:04

1

Put the following in a file called ".htaccess" (if you're running Apache):

<FilesMatch "^\.svn">
  Deny from all
</FilesMatch>

answered Nov 30 '10 at 15:04

goreSplatter

11
1

score 0 · Answer 3 · answered Apr 08 '13 at 19:52

0

Quite frankly, I prefer

RedirectMatch permanent .*\.(svn|git|hg|bzr|cvs)/.* /

To the 404 or 403 errors. That way, the user sees your site root page.

answered Apr 08 '13 at 19:52

Mikaciù

29
4

score 0 · Answer 4 · edited Apr 13 '17 at 12:13

0

If you're under IIS, you can use the method outlined here:

https://serverfault.com/questions/23340/ignoring-svn-directories-under-iis

edited Apr 13 '17 at 12:13

Community

1
1

answered Nov 30 '10 at 15:11

Moo-Juice

38,257
10
78
128

How to block access to the .svn/entries on my webserver?

4 Answers4