Chris@17: # Deny all requests from Apache 2.4+.
Chris@17: <IfModule mod_authz_core.c>
Chris@17:   Require all denied
Chris@17: </IfModule>
Chris@17: 
Chris@17: # Deny all requests from Apache 2.0-2.2.
Chris@17: <IfModule !mod_authz_core.c>
Chris@17:   Deny from all
Chris@17: </IfModule>
Chris@17: 
Chris@17: # Turn off all options we don't need.
Chris@17: Options -Indexes -ExecCGI -Includes -MultiViews
Chris@17: 
Chris@17: # Set the catch-all handler to prevent scripts from being executed.
Chris@17: SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Chris@17: <Files *>
Chris@17:   # Override the handler again if we're run later in the evaluation list.
Chris@17:   SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
Chris@17: </Files>
Chris@17: 
Chris@17: # If we know how to do it safely, disable the PHP engine entirely.
Chris@17: <IfModule mod_php5.c>
Chris@17:   php_flag engine off
Chris@17: </IfModule>