Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.In various nginx configs, a block like this:
location ~* (\.(?:git.*|htaccess|engine|config|inc|ini|info|install|make|module|profile|test|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.
save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock))$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save))$ {
access_log off;
return 404;
}
is used to supposedly increase the security if the site. However, if a site is named www.gitlearning.info or anything with .git in the domain name, then the access to the site's resources will be partially blocked because the CSS and JS resources are loaded from http://www.gitlearning.info/sites/www.gitlearning.info/files/..., which contains .git in the URL. The blocking, if required, should probably not blindly block .git.*$ but be more refined, like /.git.* or even only match directories named .git.
If this is meant to increase security, then something similar should be found in the apache configs, but I didn't find anything there.
Comments