Deny Access to by extension e.g .git

1. Caddy version (caddy version):

Caddy version v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

2. How I run Caddy:

Caddy runs as a web server on port 80 and 443

a. System environment:

Ubuntu 18

b. Command:

sudo systemctl reload caddy

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

	email john@***.com
(common) {
	encode gzip
    php_fastcgi unix//run/php/php7.4-fpm.sock
} {
        root * /var/www
        import common
        log {
                output file /var/log/caddy/sandbox.log
                format console
} {

        root * /var/www/maar
        import common
        log {
            output file /var/log/caddy/maarifa.log
            format console

3. The problem I’m having:

I have a .git folder on the root, how do I block it from being access from the browser.
I have done, sudo chmod 760 .git/ it works but I want to put a configuration in the Caddy file so that other dev who may forget to change permission, it will not access .git.

Also know to to restrict access to certain folders.

Thank you.

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

  1. Define a named matcher
@git {
  path .git
  1. Forbid access (for example by using respond)
respond @git 403
1 Like

Actually since path matching is exact in Caddy v2, you need to add a * to that. It’s as simple as the following (no need for a named matcher here)

respond /.git* 403

Do you need the wildcard on the end?

Yes absolutely. If you only use /.git then it will only match requests to exactly /.git but not /.git/foo.


This topic was automatically closed after 30 days. New replies are no longer allowed.