From 80b47e5a76db5bb931c31a2b4091c1c4268a22c4 Mon Sep 17 00:00:00 2001
From: Kevin Day <thekevinday@gmail.com>
Date: Sat, 7 May 2022 16:49:05 -0500
Subject: [PATCH] Security: Hide all hidden directories behind a 404.

Never use access denied for these.
Whether they exist or not, a 404 should be returned.
---
 .htaccess | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.htaccess b/.htaccess
index 5b69a3b..501a029 100644
--- a/.htaccess
+++ b/.htaccess
@@ -3,6 +3,9 @@ RewriteEngine on
 ErrorDocument 403 /access_denied.html
 ErrorDocument 404 /not_found.html
 
+RewriteBase "/"
+RewriteRule (^\.|/\.) /not_found.html [L]
+
 RewriteCond %{REQUEST_FILENAME} -f
 RewriteRule . - [L]
 
-- 
1.8.3.1