Information
Restrict access to any files beginning with .git using the FilesMatch directive.
Rationale:
As more and more websites track their changes in a Git repository, attackers frequently search for .git directories. Access to .git directories should be restricted. These files should not be placed in the document root, but, in the event they are, the FilesMatch directive can be used to prevent them from being viewed by web clients.
Impact:
.git files are not accessible.
Solution
Perform the following to implement the recommended state:
Add or modify the following lines in the Apache configuration file at the server configuration level.
# Deny web access to any directory path containing /.git (dot escaped so it matches literally)
<DirectoryMatch "/\.git">
    Require all denied
</DirectoryMatch>
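An added audit check, not part of the benchmark text: the shell function below reads an Apache configuration on standard input (or from a file argument) and passes only if an active, uncommented DirectoryMatch block whose pattern mentions .git contains Require all denied. The function and sample names are hypothetical, the sample configurations are constructed, and the check does not follow Include directives.

```shell
#!/bin/sh
# Added example: static check for the .git DirectoryMatch deny block.
# check_git_block [FILE]  -> exit status 0 if the block is present and active.
check_git_block() {
    awk '
        # A commented-out block must not count as compliant.
        /^[ \t]*#/ { next }
        # Opening tag whose pattern mentions .git (escaped or unescaped dot).
        tolower($0) ~ /^[ \t]*<directorymatch[ \t]/ && /\.git/ { in_block = 1; next }
        tolower($0) ~ /^[ \t]*<\/directorymatch>/ { in_block = 0; next }
        # Only a deny rule inside that block satisfies the recommendation.
        in_block && tolower($0) ~ /^[ \t]*require[ \t]+all[ \t]+denied[ \t]*$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Constructed sample: compliant server configuration.
sample_hardened() { cat <<'EOF'
ServerName example.test
<DirectoryMatch "/\.git">
    Require all denied
</DirectoryMatch>
EOF
}

# Constructed sample: the block exists but is commented out.
sample_commented() { cat <<'EOF'
#<DirectoryMatch "/\.git">
#    Require all denied
#</DirectoryMatch>
<Directory "/var/www/html">
    Require all granted
</Directory>
EOF
}

# Constructed sample: the block matches .git but grants access.
sample_granted() { cat <<'EOF'
<DirectoryMatch "/\.git">
    Require all granted
</DirectoryMatch>
EOF
}

for s in sample_hardened sample_commented sample_granted; do
    if "$s" | check_git_block; then echo "$s: PASS"; else echo "$s: FAIL"; fi
done
```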
Default Value:
This is not set by default.