Having just run into this elsewhere, I'd like to suggest adding runes to the nginx configuration to prevent someone accidentally serving their .git directory should they use a Git checkout for static files. I found adding the following worked fine:

    location ~ /\.git {
        deny all;
    }

I hasten to add I haven't seen any actual evidence of a problem here, and I guess feasibly this might interfere with someone actually wanting to serve their git repo over HTTP. However, personally I think on balance it's a positive security measure.
Anyway, just a suggestion!
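
A way to check a web root against the rule suggested above, as an added example that is not part of the original post: it lists every file that sits under a `.git` path component and reports whether the posted regex would deny its URI. Python's `re` stands in for nginx's PCRE matching here, and the function names and sample tree are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Regex from the location block in the post. With nginx's "~" modifier the
# match is case-sensitive and unanchored; Python's re is used as a stand-in
# for PCRE (an assumption that holds for a pattern this simple).
DENY_RULE = re.compile(r"/\.git")

def git_uris(web_root):
    """Return the URI of every file that lives under a .git path component."""
    uris = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), web_root)
            parts = rel.split(os.sep)
            if ".git" in parts:  # a .git directory or a .git pointer file
                uris.append("/" + "/".join(parts))
    return sorted(uris)

def audit(web_root, rule=DENY_RULE):
    """Map each Git metadata URI to True if the rule would deny it."""
    return {uri: bool(rule.search(uri)) for uri in git_uris(web_root)}

def build_sample_root(root):
    """Create a constructed sample tree: a checkout plus a nested vendored one."""
    for rel in ("index.html", ".git/config", ".git/HEAD", "docs/vendor/.git/config"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_root(root)
        for uri, denied in audit(root).items():
            print(f"{'denied ' if denied else 'EXPOSED'} {uri}")
```

Because the pattern is unanchored, it also covers nested checkouts and names such as `.gitignore`; pass a different compiled pattern as `rule` to compare a stricter or looser variant.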