I'm currently able to alter .htaccess
file as such to prevent opening of the php.ini
and other files via a web browser:
# Prevent .ini and other files from being open from web browser
<filesMatch "\.(htaccess|htpasswd|ini|log|sh)$">
Order Allow,Deny
Deny from all
</filesMatch>
But this seems to work only for the root directory, where I place this .htaccess
file, so if I navigate to www.mysite.com/sub/php.ini
it can still open that file.
Any idea how to make a filter for all such files in all subdirectories?