One way many people use to keep their website updated is through a source control tool such as SVN. We've found it a useful tool to keep track of changes, allow developers or designers to work on files and to make sure the right files end up on the web server (and we can test the file set on a similar machine prior to making the changes live). We use it even for our HTML-only websites because it allows us to keep track of changes and provides a handy backup tool.

One downside of using SVN is that it creates .svn sub-directories in all the directories that are enlisted in the project. These directories can have information useful to a website hacker (database passwords, for example). So, we need to make sure that people cannot access these sub-directories through HTTP/HTTPS. You could place a .htaccess file in each of the .svn directories, but that is tedious and you have to remember to do it each time you add a new directories. If you have access to your configuration file for your web server, you can make the directories inaccessible there.

But if you don't have access at that level (and many of us don't) the easiest place to make the change is in the .htaccess file at the root of your website.

The following code does just that, assuming you have mod_rewrite in your Apache installation.

  RewriteEngine on
  RewriteRule ^((.*)/)?\.svn/(.*) [R,L]

This code checks to see if you have /.svn/ somewhere in the request, and, if it finds it, redirects the request to the root of your website (replace with your website root). You could bring up a 404 page if you have one instead of going to your website root.

blog comments powered by Disqus