It is good practice to deny access to all files and folders whose names begin with a dot, except for the .well-known folder (it is used for certificate verification and for the security.txt file).
Apache .htaccess:
    RewriteRule "(^|/)\.(?!well-known\/)" - [F]
Nginx:
    location ~ /\.(?!well-known\/) {
        deny all;
    }
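To see which request paths the two patterns above deny, including the edge cases around .well-known, here is an added example (not part of the original page) that runs both regexes over constructed sample paths. It assumes the .htaccess file sits in the document root, so RewriteRule sees the path without its leading slash, and that Python's re module treats these two patterns as the servers' regex engines do.

```python
import re

# Patterns copied from the Apache and Nginx rules above.
APACHE_RULE = re.compile(r"(^|/)\.(?!well-known\/)")
NGINX_RULE = re.compile(r"/\.(?!well-known\/)")

# Constructed sample request paths (not from the original page).
SAMPLE_URIS = [
    "/index.html",
    "/archive.tar.gz",                    # dot inside a name, not at its start
    "/.git/config",
    "/.env",
    "/app/.htpasswd",                     # dotfile in a subfolder
    "/.well-known/security.txt",
    "/.well-known/acme-challenge/token",
    "/.well-known",                       # no trailing slash
    "/.well-knownx/file",                 # only shares the prefix
    "/.well-known/.hidden",               # dotfile below .well-known
]

def apache_denies(uri):
    """Assumption: .htaccess in the document root, leading slash stripped."""
    return APACHE_RULE.search(uri.removeprefix("/")) is not None

def nginx_denies(uri):
    """Nginx matches the location regex against the URI with its leading slash."""
    return NGINX_RULE.search(uri) is not None

def audit(uris=SAMPLE_URIS):
    """Map each path to (denied_by_apache_rule, denied_by_nginx_rule)."""
    return {u: (apache_denies(u), nginx_denies(u)) for u in uris}

if __name__ == "__main__":
    for uri, (apache, nginx) in audit().items():
        verdict = "DENY " if apache and nginx else "allow"
        flag = "" if apache == nginx else "  <- rules disagree"
        print(f"{verdict} {uri}{flag}")
```

Because the lookahead requires the literal `well-known/`, a request for `/.well-known` without the trailing slash is denied, and so is any dotfile placed below .well-known.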