From d37a4c71656903d06e2e7496279921db1ccd4771 Mon Sep 17 00:00:00 2001
From: Kimmo Salmela
Date: Mon, 8 Jun 2015 15:56:19 +0300
Subject: [PATCH] Updated locations to match h5bp's Apache config

See https://github.com/h5bp/server-configs-apache/issues/31 for `well-known` change.
---
 h5bp/location/protect-system-files.conf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/h5bp/location/protect-system-files.conf b/h5bp/location/protect-system-files.conf
index ece9410..81aa96c 100644
--- a/h5bp/location/protect-system-files.conf
+++ b/h5bp/location/protect-system-files.conf
@@ -1,10 +1,13 @@
 # Prevent clients from accessing hidden files (starting with a dot)
 # This is particularly important if you store .htpasswd files in the site hierarchy
-location ~* (?:^|/)\. {
+# Access to `/.well-known/` is allowed.
+# https://www.mnot.net/blog/2010/04/07/well-known
+# https://tools.ietf.org/html/rfc5785
+location ~* /\.(?!well-known\/) {
 deny all;
 }

 # Prevent clients from accessing to backup/config/source files
-location ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
+location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
 deny all;
 }
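Review bot: Replacing `config` with `conf` in the second location narrows the deny list, because the alternation is anchored by `$` and a request ending in `.config` (for example `web.config`) no longer matches and would be served. If the aim is only to line up with the Apache list, keeping both costs nothing: `location ~* (?:\.(?:bak|conf(?:ig)?|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {`. In the first location the lookahead `(?!well-known\/)` is not tied to the document root, so a `.well-known/` directory at any depth is exempted, while the comment only mentions `/.well-known/`. Dotfiles below such a directory are still denied since the pattern is unanchored, but the comment should state the actual scope, e.g. `# Any path segment named .well-known/ is allowed, at any depth; dotfiles inside it are still denied.`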