#6: SVN directory is viewable through Apache

Contents of .svn directories, when located under an Apache web root, are viewable via a browser. This leads to potential exploits, as referenced by Adam Gotterer.

The hack obviously starts in the .svn directory, specifically at the entries file. You can access this file by browsing to:

This document contains all of the files and folders svn manages in that directory. In some instances you can locate admin directories and the same thing applies…

So at this point all you have are a bunch of file names. Sometimes you can get some fun information and access to files that were meant to be hidden. Security by obscurity is not a solution; protect files you don’t want the public to access!

Now this is where things get interesting… Any file that has been checked in I can now execute. Either directly or through an svn folder that holds file revisions. Pick any file in the list and browse to:

... and so on.

Use httpd.conf to deny access to .svn files or redirect access

In particular:
RedirectMatch 404 /\.svn(/|$)
This responds with a 404 whenever an HTTP client requests a .svn directory or anything beneath it.
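To confirm the rule covers a given web root, the following added example (not part of the original post) walks a document root on disk, lists every .svn directory as the URL path a browser would request, and checks each against the pattern `/\.svn(/|$)`. The function names and the sample tree are constructed for illustration, and Python's `re.search` is assumed to behave like Apache's unanchored PCRE match for a pattern this simple.

```python
import os
import re
import tempfile

# Pattern from the RedirectMatch directive. Apache matches it unanchored
# against the URL path; re.search is assumed equivalent for this pattern.
SVN_BLOCK = re.compile(r"/\.svn(/|$)")


def find_svn_url_paths(docroot):
    """Return sorted URL paths of every .svn directory under docroot."""
    found = []
    for dirpath, dirnames, _ in os.walk(docroot):
        if ".svn" in dirnames:
            rel = os.path.relpath(os.path.join(dirpath, ".svn"), docroot)
            found.append("/" + rel.replace(os.sep, "/"))
            dirnames.remove(".svn")  # do not descend into SVN metadata
    return sorted(found)


def is_blocked(url_path, pattern=SVN_BLOCK):
    """True if the RedirectMatch pattern would answer this path with a 404."""
    return pattern.search(url_path) is not None


def audit(docroot):
    """Map each .svn URL path, and its entries file, to blocked or not."""
    report = {}
    for path in find_svn_url_paths(docroot):
        for candidate in (path, path + "/", path + "/entries"):
            report[candidate] = is_blocked(candidate)
    return report


def build_sample_docroot():
    """Constructed sample tree standing in for a checked-out web root."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for sub in (".svn", os.path.join("admin", ".svn"), "img"):
        os.makedirs(os.path.join(root, sub))
    open(os.path.join(root, ".svn", "entries"), "w").close()
    open(os.path.join(root, "about.svn.html"), "w").close()
    return root


if __name__ == "__main__":
    for url, blocked in sorted(audit(build_sample_docroot()).items()):
        print(("blocked " if blocked else "EXPOSED ") + url)
```

Point `audit()` at the real document root to see which .svn paths exist there; ordinary files such as `about.svn.html` are not matched by the rule and stay reachable.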


  1. thanks!

    johnny on December 30, 2009, 04:39 AM UTC


Adam Gotterer - Hacking the .SVN directory

http://www.adamgotterer.com/2009/01/26/hacking-the-svn-directory/ - found by yliu on January 27, 2009, 11:38 AM UTC

original problem statement

core - Apache HTTP Server

http://httpd.apache.org/docs/2.2/mod/core.html - found by yliu on January 27, 2009, 11:35 AM UTC

DirectoryMatch syntax

mod_alias - Apache HTTP Server

http://httpd.apache.org/docs/2.2/mod/mod_alias.html - found by yliu on January 27, 2009, 11:33 AM UTC

RedirectMatch syntax