Deny access to .svn folders on Apache
Solution 1
The best option is to use Apache configuration.
Using htaccess or global configuration depends mainly on if you control your server.
If you do, you can use something like
<DirectoryMatch .*\.svn/.*> Deny From All </DirectoryMatch>
If you don't, you can do something similar in .htaccess files with FilesMatch
Solution 2
One other way to protect the .svn files would be to use a redirect in the Apache config:
RedirectMatch 404 /\\.svn(/|$)
So instead of getting a 403 forbidden (and providing clues to would be attackers) you get a 404, which is what we would expect when randomly typing in paths.
Solution 3
I do not like the idea of 404ing each file startig wit a dot. I'd use a more selective approach, either with the cvs I'm using in the project (svn in the example)
RedirectMatch 404 /\\.svn(/|$)
or a catch all cvs systems
RedirectMatch 404 /\\.(svn|git|hg|bzr|cvs)(/|$)
-- outdated answer follows (see comments) --
I cant write comments yet so... The answer of csexton is incorrect, because an user cannot access the .svn folder, but can access any files inside it ! e.g. you can access http://myserver.com/.svn/entries
The correct rule is
RedirectMatch 404 /\\.svn(/.*|$)
Solution 4
I think Riccardo Galli got it right. Even apache already had .svn setup as forbidden for me, but .svn/entries was certainly available...exposing my svn server, port number, usernames, etc.
I actually figure, why not restrict .git as a preventative measure (say you don't use git yet but may someday at which time you will not be thinking about directory restrictions).
And then I thought, why not restrict everything that should be hidden anyway? Can anyone conceive of a problem with this?
RedirectMatch 404 /\\..*(/.*|$)
I added the '.*' after the initial period - only difference from Riccardo. Seems to 404 .svn, .git, .blah, etc.
Solution 5
I would rather deny access to all dot-files (eg: .htaccess, .svn, .xxx, etc.), as they normally don't need to be web-accessible.
Here's the rule to achieve this (until Apache 2.2 included):
<LocationMatch "\/\..*">
Order allow,deny
Deny from all
</LocationMatch>
(UPDATE) Or you can use the following (which works in Apache 2.2 and 2.4):
# Deny access to dot-files, as 404 error
# (not giving hint about potential existence to the file)
RedirectMatch 404 ".*\/\..*"
user2890149
Updated on February 15, 2020Comments
-
user2890149 over 4 years
How do I get the event handler of my dynamic button in the gridpane?
Stage window; public void start(Stage primaryStart) throws Exception{ window = primaryStart; window.setTitle("Minesweeper (Eventually)"); //GridPane with 10px padding around edge GridPane grid = new GridPane(); grid.setPadding(new Insets(10, 10, 10, 10)); for(int i = 0; i < 5; i++){ for(int j = 0; j<5; j++){ Button button = new Button("[]"); GridPane.setConstraints(button, i,j); grid.getChildren().add(button); } } Scene scene = new Scene(grid, 300, 200); window.setScene(scene); window.show(); button.setOnAction(e -> {System.out.println("Something");}); }
Because setOnAction gives me an error when refering to button object.