If you, like me, use subversion to directly deploy your test environment (“svn update” and you’re done) don’t forget to hide the .svn directories to the public. The .svn directory contains a file, entries, where you can read the URL of your repository and even the last user who committed. Maybe you have ironed your repository with solid password, and denied the checkout from anonymous users. Maybe not.

The easiest and more raliable way to hide .svn’s entries, is to use .htaccess with this entry:

<Files "entries">
  Deny from All
</Files>

In that way every request to any file named entries will result to a HTTP 403: Forbidden.

But if you can use mod_rewrite within your httpd server, I suggest this approach (works in a .htaccess too):

RewriteEngine On
RewriteRule ^.svn/(.*)$ http://subversion.tigris.org [R]

This way, every request for a file above a .svn directory will be nicely redirected to the subversion site :)

Fredrik suggested that removing the ^ from the regexp will match any directory in the tree that is called .svn, instead of just in the root directory.