Running httpd-2.2.3-91.el5 on RHEL 5.
Apache is running several websites and subversion is in use for version control.
I am trying to ensure that subversion metadata is not being exposed by going to
http://host/.svn/entries where host is an IP/domain name of one of our websites.
To that end, I have put the following at the end of the main Apache configuration file /etc/httpd/conf/httpd.conf:
<DirectoryMatch "\.svn">
Deny From All
</DirectoryMatch>
And then restarted apache by running "sudo httpd –k restart" to have the change take effect.
However, this is not working. I can still access
http://[host]/.svn/entries files on this server by browsing to it with a web browser. This change worked on my other servers so I'm not sure what's going on.
As stated earlier I edited the main configuration file which is /etc/httpd/conf/httpd.conf, as verified by running httpd -V and seeing the following output:
-D HTTPD_ROOT="/etc/httpd"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
That file includes several other httpd.conf files for the various websites on the server. I did not change any settings in those files. But it doesn't seem like I should have to because I have two other servers setup the same way, and making this change worked on them.
Does anyone have any ideas of why this is not working or what I could be missing?