问题描述
我要保持我的网站/ s的版本控制(颠覆专),并使用 SVN合作
来更新它的时候有稳定的版本更新,但我担心这样做,因为所有的的.svn
文件夹的安全将是公开的,这其中就包括各种私人数据,其中最重要的是完整的源$ C $的C到我的网站!
I want to keep my website/s in version control (Subversion specifically) and use svn co
to update it when there are stable versions to update, but I'm concerned about the security of doing so, as all the .svn
folders will be public, and these include all sorts of private data, not least of which is complete source code to my website!
请问有什么我可以做prevent呢?
Is there anything I can I do to prevent this?
推荐答案
两件事情:
-
不要使用IfModule为你需要present功能。没事做自动索引,因为它可能不是present,而不是该计划的关键。但是你指望改写存在present来保护您的内容。因此,最好是删除IfModule指令,让阿帕奇告诉你重写不是present为您启用它(或至少知道你会不会被'保护',自觉地注释行)
Do not use IfModule for functionality you need to be present. It's okay to do it for the autoindex because it might not be present and is not crucial to the scheme. But you are counting on rewrite being present to protect your content. Thus, it's better to remove the IfModule directive and let apache tell you when rewrite is not present for you to enable it (or at least know that you won't be 'protected' and consciously comment the lines)
没有必要使用重写那里,如果你有机会到主配置文件,更容易将是一个
No need to use rewrite there if you have access to main configuration files, much easier would be one of
<DirectoryMatch \.svn>
Order allow,deny
Deny from all
</DirectoryMatch>
这将产生403禁止(这是从视图HTTP遵守好点)
或者,如果你想采取含糊的路线的安全,使用AliasMatch
which will generate 403 Forbidden (which is better from HTTP compliance point of view)or, if you want to take the security by obscurity route, use AliasMatch
AliasMatch \.svn /non-existant-page
如果你没有获得你留下了希望mod_rewrite的在使用的.htaccess启用。主配置文件
If you don't have access to main configuration files you're left with hoping mod_rewrite is enabled for usage in .htaccess.
这篇关于如何隐藏在Apache的目录,特别是源头控制?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!