Chris@0: # Deny all requests from Apache 2.4+.
Chris@0: <IfModule mod_authz_core.c>
Chris@0:   Require all denied
Chris@0: </IfModule>
Chris@0: 
Chris@0: # Deny all requests from Apache 2.0-2.2.
Chris@0: <IfModule !mod_authz_core.c>
Chris@0:   Deny from all
Chris@0: </IfModule>
Chris@0: # Turn off all options we don't need.
Chris@0: Options -Indexes -ExecCGI -Includes -MultiViews
Chris@0: 
Chris@0: # Set the catch-all handler to prevent scripts from being executed.
Chris@0: SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
Chris@0: <Files *>
Chris@0:   # Override the handler again if we're run later in the evaluation list.
Chris@0:   SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
Chris@0: </Files>
Chris@0: 
Chris@0: # If we know how to do it safely, disable the PHP engine entirely.
Chris@0: <IfModule mod_php5.c>
Chris@0:   php_flag engine off
Chris@0: </IfModule>