In .htaccess imo you have two options: This one kills the access to the .svn-base files, which is the very least you should do:
<FilesMatch \.svn-base> Deny from All </FilesMatch> The other approach with mod_rewrite is to redirect everything to some other page, using a 404 response code: RewriteRule /\.svn/ / [L,R=404] For more advanced apache stuff, you can add this to the config (doesn't work in htaccess), it essentially does the same as the RewriteRule above, but just returning a blank 404 afaik. RedirectMatch 404 /\\.svn(/.*|$) -- Mahara core files are exposed https://bugs.launchpad.net/bugs/571709 You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Status in Mahara ePortfolio: In Progress Bug description: Mahara files are available in google, i.e. http://www.google.com/search?hl=en&client=opera&hs=Ebo&rls=en&q=%22Index+of%22+%2B%22%2Flib%2Fdwoo%2Fmahara%22 This does not seem to be a security risk as is, but it might be, because people might put stuff in accessible files that don't belong there, and all in all I think you should protect your users against stupid mistakes. _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp