(view this code in a separate window)

#
# paranoid http configuration snippet.
#
# The following snippets are useful in
# configuring your Apache webserver to
# be a bit more paranoid.  And it
# isn't paranoia if they really are out
# to get you....
#
# Copyright 2002, James Lee and Bri Hatch
#
# Released under the GPL.  See COPYING file
# for more information.



<Files ~ "\.bak$">
    Order allow,deny
    Deny from all
</Files>

<FilesMatch "\.old$">
    Order allow,deny
    Deny from all
</FilesMatch>

<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>

<Directory /usr/local/apache/htdocs/my_private_dir>
  AuthType        Basic
  AuthName       "My Private Directory"
  AuthUserFile    /usr/local/apache/misc/my_private_dir.htpasswd
  require         valid-user
</Directory>

<Location /server-status/>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from localhost
</Location>

<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from .example.com
</Location>