diff --git a/.htaccess b/.htaccess
index 7ccb6a2..1201f3e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -4,7 +4,12 @@
 
 # Protect files and directories from prying eyes.
 <FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
-  Order allow,deny
+  <IfModule mod_authz_core.c>
+    Require all denied
+  </IfModule>
+  <IfModule !mod_authz_core.c>
+    Order allow,deny
+  </IfModule>
 </FilesMatch>
 
 # Don't show directory listings for URLs which map to a directory.
diff --git a/includes/file.inc b/includes/file.inc
index d3ac87e..e7f42f9 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -533,7 +533,19 @@ SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
 EOF;
 
   if ($private) {
-    $lines = "Deny from all\n\n" . $lines;
+    $lines .= <<<EOF
+
+    # Deny all requests from Apache 2.4+.
+    <IfModule mod_authz_core.c>
+      Require all denied
+    </IfModule>
+
+    # Deny all requests from Apache 2.0-2.2.
+    <IfModule !mod_authz_core.c>
+      Deny from all
+    </IfModule>
+
+EOF;
   }
 
   return $lines;