  • They’re stealing your code!

    Posted on September 24th, 2009 by schmeeve

    The great security scare of the day is rogue (possibly Russian!) thieves on the prowl looking for source code on your websitez by poking through repository directories, such as .svn. Anyway, it’s simple to block, but please folks, look at where your web servers are pointed and what may be exposed. It’s a problem as old as the web itself.

    In Apache, this can be done easily:

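    <IfModule mod_rewrite.c>
    # mod_rewrite ignores RewriteRule unless the engine is switched on
    RewriteEngine On
    # Forbid any request whose path contains a .svn/ directory
    RewriteRule ^(.*/)?\.svn/ - [F,L]
    ErrorDocument 403 "Access Forbidden"
    </IfModule>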

    But sitting in front of Apache and Mongrel we use the Pound load balancer. Here’s a bit of config which will catch anything trying to get into the svn directory, even though directory listings weren’t possible in the first place:

    Service
    # Match a literal "/.svn" path component; an unescaped "." would match any character
    URL "/[.]svn"
    Redirect "http://d27n.com/public/404.html"
    End

    You can even skip the Redirect if you want to be lazy or don’t have a 404 page. This will just dead-end the service.
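To confirm that rules like the ones above are actually catching these requests, the access log can be checked for repository-directory hits and whether any were served. This is an added example, not code from the original post: the log lines are constructed, the function name `find_vcs_probes` is hypothetical, and matching `.git`, `.hg`, `.bzr` and `CVS` alongside `.svn` goes beyond the one directory the post names.

```python
import re
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# A whole path component that is a VCS metadata directory. The dot is escaped,
# so ordinary names such as "tortoisesvn" are not flagged.
VCS_RE = re.compile(r'(?:^|/)(\.svn|\.git|\.hg|\.bzr|CVS)(?:/|$)')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """
192.0.2.10 - - [24/Sep/2009:10:00:01 +0000] "GET /.svn/entries HTTP/1.1" 403 16 "-" "-"
192.0.2.10 - - [24/Sep/2009:10:00:02 +0000] "GET /app/.svn/text-base/config.php.svn-base HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [24/Sep/2009:10:00:05 +0000] "GET /blog/%2Esvn/entries?x=1 HTTP/1.1" 302 0 "-" "-"
203.0.113.5 - - [24/Sep/2009:10:00:09 +0000] "GET /docs/tortoisesvn-guide.html HTTP/1.1" 200 900 "-" "-"
203.0.113.5 - - [24/Sep/2009:10:00:11 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "-"
""".strip().splitlines()


def find_vcs_probes(lines):
    """Return one dict per request that touched a VCS metadata directory.

    'served' is True when the status shows content came back (2xx or 304),
    meaning the blocking rule did not apply to that path.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, target, status = m.group(1), m.group(3), int(m.group(4))
        # Drop the query string and decode %XX so "%2Esvn" is seen as ".svn".
        path = unquote(target.split("?", 1)[0])
        vcs = VCS_RE.search(path)
        if not vcs:
            continue
        served = 200 <= status < 300 or status == 304
        hits.append({"client": client, "path": path, "status": status,
                     "vcs": vcs.group(1), "served": served})
    return hits


if __name__ == "__main__":
    for hit in find_vcs_probes(SAMPLE_LOG):
        verdict = "SERVED" if hit["served"] else "blocked"
        print(f'{verdict:7} {hit["status"]} {hit["client"]} {hit["path"]}')
```

Any line reported as SERVED is a path the web server handed out, so the rule either sits in the wrong vhost or the request reached a backend that bypasses the balancer.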
