Skip to content

Instantly share code, notes, and snippets.

@jaxbot
Created June 10, 2013 12:58
Show Gist options
  • Save jaxbot/5748513 to your computer and use it in GitHub Desktop.
Save jaxbot/5748513 to your computer and use it in GitHub Desktop.
Block nginx from serving .git directories
location ~ /\.git {
deny all;
}
# or, all . directories/files in general (including .htaccess, etc)
location ~ /\. {
deny all;
}
@pruyas-simplex
Copy link

nice

Copy link

ghost commented Apr 7, 2020

Better don't spend resources for non-senses and return 444 that closes the connection, TCP RST is sent to the client, and all memory occupied by this socket is released.

location ~ /\. {
        deny all;
        return 444;
        access_log off;
}

@gennyble
Copy link

Worth noting that return 444; just drops the connection (as far as I know) so, as @bsavelev mentioned, it might be better to return 404; if you want it to look like .git doesn't exist on the server.

@peter279k
Copy link

Yes. I think it will be good to return 404 HTTP status code to let client side know requested resources are not found.

@melroy89
Copy link

404 makes it such as if the resource is not even there. While otherwise h@ck0rs could potentially find files or directories by just looking at the HTTP status codes. Therefore, I do like 404 as well here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment