From 43382a8c7f18aa6fdcc92b4a0c0d54164cadaac8 Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@member.fsf.org>
Date: Fri, 10 Nov 2017 16:09:51 -0800
Subject: [PATCH] [SECURITY] Add .htaccess to disallow web access

The /vendor directory does not need to be web accessible, and to reduce
attack surface, should not be web accessible.

Bug: T180237
---
 .gitignore | 1 -
 .htaccess  | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 .htaccess

diff --git a/.gitignore b/.gitignore
index 9d96ec6..c3d5b76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,5 +34,4 @@ Thumbs.db
 .settings
 /static*
 /tags
-/.htaccess
 /.htpasswd
diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..3a42882
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1 @@
+Deny from all
-- 
2.13.6