Deny Access to by extension e.g .git

sheke · August 5, 2020, 10:07am

1. Caddy version (`caddy version`):

Caddy version v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

2. How I run Caddy:

Caddy runs as a web server on port 80 and 443

a. System environment:

Ubuntu 18

b. Command:

sudo systemctl reload caddy

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

{
	email john@***.com
}
(common) {
	encode gzip
    php_fastcgi unix//run/php/php7.4-fpm.sock
    file_server
}
sandbox.online {
        root * /var/www
        import common
        log {
                output file /var/log/caddy/sandbox.log
                format console
    }
}

maa.sandbox.online {

        root * /var/www/maar
        import common
        log {
            output file /var/log/caddy/maarifa.log
            format console
        }
}

3. The problem I’m having:

I have a .git folder on the root, how do I block it from being access from the browser.
I have done, sudo chmod 760 .git/ it works but I want to put a configuration in the Caddy file so that other dev who may forget to change permission, it will not access .git.

Also know to to restrict access to certain folders.

Thank you.

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

anon12668908 · August 5, 2020, 11:32am

Define a named matcher

@git {
  path .git
}

Forbid access (for example by using respond)

respond @git 403

francislavoie · August 5, 2020, 2:35pm

Actually since path matching is exact in Caddy v2, you need to add a * to that. It’s as simple as the following (no need for a named matcher here)

respond /.git* 403

anon12668908 · August 5, 2020, 2:46pm

Do you need the wildcard on the end?

francislavoie · August 5, 2020, 2:54pm

Yes absolutely. If you only use /.git then it will only match requests to exactly /.git but not /.git/foo.

system · September 4, 2020, 10:07am

This topic was automatically closed after 30 days. New replies are no longer allowed.