Improved .htaccess security and readability

[Raruto]

List of changes

• added section comments
• added deny rules for the following files:
  • composer\.(json|lock)
  • package\.json
  • (README|CONTRIBUTING)\.md
  • Dockerfile
  • LICENSE
  • "hidden" files and directories (whose names begin with a period)
• removed multiple <Files> statement in favor of a single <Filesmatch> statement

---

Additional info

For those interested in deepening I suggest you start reading one of the following examples:

• h5bp/.htaccess (on which I think cockpit's file was initially based)
• drupal/.htaccess

Have a nice Day,
Raruto

[Raruto]

PS regarding these two issues:

• .htaccess causing internal server error #1298 (comment)
• Options -MultiViews : Error 500 #764

---

Some apache (shared) hosts don't allow you to override Options directives (thus getting the error 500: Options not allowed here ... within server logs):

# sample "httpd.conf" with "AllowOverride" set to "None"

<Directory "/var/www/localhost/htdocs">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

As there is no easy way to verify those directives and prevent 500 error (without access to error logs or apache config files), would it make sense to keep them both commented by default?

cockpit/.htaccess

Line 30 in 722393b

Options -Indexes

cockpit/.htaccess

Line 35 in 722393b

Options -MultiViews

as it happens for the RewriteBase directive:

cockpit/.htaccess

Line 38 in 722393b

# RewriteBase /