SVN Detected
Description
A Subversion (SVN) metadata directory (.svn) has been detected on the web server. SVN is a version control system that stores repository metadata, file histories, and configuration details in hidden .svn directories within working copies. These directories should never be present on production systems, as they are intended only for development environments. Their presence indicates the application was deployed using a working copy checkout rather than a proper export, exposing internal development artifacts to potential attackers.
Remediation
Immediately remove all .svn directories from production systems. Future deployments should use 'svn export' instead of 'svn checkout' to exclude version control metadata. If immediate removal is not possible, restrict access to these directories using web server configuration:
For Apache: Add the following to your httpd.conf, virtual host configuration, or .htaccess file:
<DirectoryMatch "\.svn">
Require all denied
</DirectoryMatch>Or for Apache 2.2 and earlier:<DirectoryMatch "\.svn">
Order deny,allow
Deny from all
</DirectoryMatch>For Nginx: Add to your server or location block:location ~ /\.svn {
deny all;
return 404;
}Verify the fix by attempting to access /.svn/entries directly. Additionally, review deployment procedures to ensure version control directories are excluded from production releases.