Normally when a project is checked out of Subversion, there is no problem at all.  However if you decide to use Subversion to deploy your projects, like I do for the L-Train, then you need to either do an export (instead of checkout), or you need to make sure that anything inside a “.svn” folder is inaccessible to the web. I chose the later, since I like to be able to run svn commands against my checked out projects to see what files another co-worker has littered my projects with.

Here is my base .htaccess file that I use to block all traffic to “.svn” folders.  It also disallows listing a folder’s directory if they do not have a default file to display.

[sourcecode language="sh"]
# disallow access to directory indexes
Options -Indexes

RewriteEngine On
# prevent all access to files inside subversion folders
RewriteRule ^(.*/)?.svn/ – [F,L]
ErrorDocument 403 “Access Forbidden”
[/sourcecode]

FYI – .htaccess files only work on Linux servers but I have no idea why you would use anything else.