Chris@16: # Deny all requests from Apache 2.4+.
Chris@16: <IfModule mod_authz_core.c>
Chris@16:   Require all denied
Chris@16: </IfModule>
Chris@16: 
Chris@16: # Deny all requests from Apache 2.0-2.2.
Chris@16: <IfModule !mod_authz_core.c>
Chris@16:   Deny from all
Chris@16: </IfModule>
Chris@16: # Turn off all options we don't need.
Chris@16: Options -Indexes -ExecCGI -Includes -MultiViews
Chris@16: 
Chris@16: # Set the catch-all handler to prevent scripts from being executed.
Chris@16: SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Chris@16: <Files *>
Chris@16:   # Override the handler again if we're run later in the evaluation list.
Chris@16:   SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
Chris@16: </Files>
Chris@16: 
Chris@16: # If we know how to do it safely, disable the PHP engine entirely.
Chris@16: <IfModule mod_php5.c>
Chris@16:   php_flag engine off
Chris@16: </IfModule>