From securitymetrics: Synopsis : The remote web server discloses information due to a configuration weakness. Description : The web server on the remote host allows read access to '.svn/entries' files. This exposes all file names in your svn module on your website. This flaw can also be used to download the source code of the scripts (PHP, JSP, etc...) hosted on the remote server. See also : Basic Flaw Reveals Source Code to 3,300 Popular Websites ic-flaw-reveals-source-code-to-3300-popula r-websites/ Solution: Configure permissions for the affected web server to deny access to the '.svn' directory. Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) [More] I tried adding: <Directory ~ ".*\.svn"> Order allow,deny Deny from all </Directory> To apache conf pre main include, but it doesn't seem to do anything. I can still access the svn directory in question. Anyone know why this Directory configuration isn't working... or know of another way to deny access to the .svn directories? P.