Comments on: Serving websites from svn checkout considered harmful Code and comments on web development, Django, Python and things (un)related. Wed, 03 Apr 2013 13:15:20 +0000 hourly 1 By: Cara Mengamankan SVN live site pada WHM/Cpanel ( to be revised ) | Indonesian Developer Sat, 15 Sep 2012 08:37:40 +0000 […] Reason :: […]

By: Dmitry Tue, 15 Feb 2011 20:28:13 +0000 Yeah, loves to copy content from other websites; a disgrace. But then again, almost all of runet is a rip off, which is sad.

Anyway, thanks for the article! But I wonder, why the developers never care to test that themselves? That is troubling.

I was always using export for deployment but it’s kind of a headache because you end up deleting and overwriting files and restarting the services. So, I found your article and I find serving 404 a reasonable alternative.

By: SVN уязвимость года. Подвержены крупнейшие веб-проекты Интернета Fri, 01 Oct 2010 06:59:19 +0000 […] почитать по теме можно здесь:… Запись опубликована в рубрике Новости. Добавьте в […]

By: Alex Mon, 18 Jan 2010 00:07:12 +0000 stupid russian idiots published this news 1 year after you…))

By: rtw Thu, 12 Mar 2009 19:27:42 +0000 i’ve been messing around with my lighttpd regex patterns trying to solve this issue –

$HTTP["url"] =~ ".*\.svn.*" {
url.access-deny = ("")

still allows me to access/download the /.svn/entries and /.svn/format files, but protects the directory. Anyone else have similar results?

p.s. – i’m actually planning on using:

url.redirect-code = 404

instead of

#url.access-deny = ("")

I believe this is a better strategy – that way you’re denying that the files are even there. The equivalent in Apache is:

RedirectMatch 404 /\\.svn(/|$)

(the apache directive protects the entries and format files)

Any help is appreciated!!

By: Jason Fri, 19 Dec 2008 01:27:28 +0000 I use darcs rather than svn for my webpage, and noticed the darcs equivalent to this a few months ago. It’s a problem with most VC systems.

By: Jonathan Sun, 26 Oct 2008 14:09:28 +0000 Wow! Thanks for opening my eyes on this.

I’m so surprised that this isn’t a well-known issue for web developers using subversion.

I just sent your article out to a bunch of colleagues.
Thanks again,