From 231fecfea95aec4f71f9e4c82641a8d38b1bdc8b Mon Sep 17 00:00:00 2001
From: Philipp Gampe <philipp.gampe@typo3.org>
Date: Wed, 29 Jul 2015 17:34:55 +0200
Subject: [PATCH] [TASK] Disallow access to vcs directories

Access to vcs directories should be denied by default to avoid leaking
information to the outsite that might have been accidentally committed
to a repository.
This does not effect the core as the version information is public by
license, but any repository containing configuration or third party
extensions.

Resolves: #68626
Releases: master,6.2
Change-Id: I4f3cb88e577f56ac71d882c8b11341da46a8b757
Reviewed-on: http://review.typo3.org/42100
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
---
 _.htaccess | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/_.htaccess b/_.htaccess
index 725ded7121b8..2e06138c403e 100644
--- a/_.htaccess
+++ b/_.htaccess
@@ -314,6 +314,11 @@ AddDefaultCharset utf-8
 	</IfModule>
 </FilesMatch>
 
+# Block access to vcs directories
+<IfModule mod_alias.c>
+	RedirectMatch 404 /\.(?:git|svn|hg)/
+</IfModule>
+
 ### End: Rewriting and Access ###
 
 
-- 
GitLab