</IfModule>
</Directory>
-# Prevent .htaccess and .htpasswd files from being viewed by Web clients.
-<Files ".ht*">
+# Prevent access to:
+# - .htaccess and .htpasswd files
+# - backup files from being viewed
+# - PHP's .user.ini
+<FilesMatch "^(\.ht.*|\.user\.ini|.*~|.*,v)$">
<IfModule mod_authz_host.c>
Require all denied
</IfModule>
Order deny,allow
Deny from all
</IfModule>
-</Files>
+</FilesMatch>
-# Prevent backup files from being viewed, too.
-<Files "*~">
+# Prevent access to:
+# - version control directories
+<DirectoryMatch "/(\.(svn|git|hg|bzr)|CVS)/?">
<IfModule mod_authz_host.c>
Require all denied
</IfModule>
Order deny,allow
Deny from all
</IfModule>
-</Files>
+</DirectoryMatch>
#
# This should be changed to whatever you set DocumentRoot to.
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
- # http://httpd.apache.org/docs/2.2/mod/core.html#options
+ # https://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks