# Block all direct web access to the data directory.
# This protects user accounts, file metadata, invites, and settings.

<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# Belt-and-suspenders: also disable rewrites and scripts here
<IfModule mod_rewrite.c>
    RewriteEngine Off
</IfModule>

Options -ExecCGI -Indexes