diff --git a/.htaccess b/.htaccess
index 7ccb6a2..1201f3e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -4,7 +4,12 @@
# Protect files and directories from prying eyes.
- Order allow,deny
+
+ Require all denied
+
+
+ Order allow,deny
+
# Don't show directory listings for URLs which map to a directory.
diff --git a/includes/file.inc b/includes/file.inc
index d3ac87e..5b59255 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -533,7 +533,17 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
EOF;
if ($private) {
- $lines = "Deny from all\n\n" . $lines;
+ $lines .= <<
+ Require all denied
+
+
+ # Deny all requests from Apache 2.0-2.2.
+
+ Deny from all
+
+EOF;
}
return $lines;