--- docs/conf/httpd.conf.in.orig 2014-03-15 17:23:47.000000000 -0700 +++ docs/conf/httpd.conf.in 2014-03-15 17:25:02.000000000 -0700 @@ -170,9 +170,19 @@ # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # -<Files ".ht*"> +<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])"> + Require all denied +</FilesMatch> + +# +# Apple specific filesystem protection. +# +<Files "rsrc"> Require all denied </Files> +<DirectoryMatch ".*\.\.namedfork"> + Require all denied +</DirectoryMatch> # # ErrorLog: The location of the error log file.