Bug#548213: Apache should protect .svn directories

To: submit@bugs.debian.org
Subject: Bug#548213: Apache should protect .svn directories
From: Dmitry Katsubo <dma_k@mail.ru>
Date: Thu, 24 Sep 2009 17:01:25 +0200
Message-id: <4ABB89C5.6040904@mail.ru>
Reply-to: Dmitry Katsubo <dma_k@mail.ru>, 548213@bugs.debian.org

Package: apache2.2-common
Version: 2.2.13-1

Usually during Web development when site is checked out from SVN
repository, .svn folder contains site sources, which can be accessed
from the Web in raw form (e.g. http://site.com/dir/.svn/entries). That
can be a potential security hole.

Solution:

Include the following configuration into apache /etc/apache2/apache2.conf:

<Directory ~ ".*\.svn">
    Order allow,deny
    Deny from all
</Directory>


With best regards,
Dmitry

Reply to:

Prev by Date: apr_1.3.8-1+sh4_sh4.changes ACCEPTED
Next by Date: apache2 2.2.13-2 MIGRATED to testing
Previous by thread: apr_1.3.8-1+sh4_sh4.changes ACCEPTED
Next by thread: apache2 2.2.13-2 MIGRATED to testing
Index(es):
- Date
- Thread