My website is a mercurial repository with multiple subrepositories. I need to make sure I'm denying access to all files in every .hg directory on the server.
For example, I have
I've added the following to .htaccess:
<Files ~ "^\.(hg|ht)">
Deny from all
This is a good start, as it denies access to files beginning with
.ht , but it doesn't deny access to the files inside
.hg directories, so if someone types, for instance
http://example.com/.hg/branch , the branch file will be displayed in their browser.
What do I need to do in order to make sure these files are not displayed to the user? I'd like to send either a 403 or a 404 back to the browser if someone tries to access a file inside any
.hg directory on my server.
This question is also relevant for anyone whose website is a subversion / svn repository.