MAGETWO-40265: sensitive resources are web-accessible

.gitignore

@@ -47,3 +47,4 @@ atlassian*
 /var/*
 !/var/.htaccess
 /vendor
+!/vendor/.htaccess

.htaccess

@@ -170,13 +170,81 @@
 </IfModule>
 
 ###########################################
-## Deny access to release notes to prevent disclosure of the installed Magento version
-
-    <Files RELEASE_NOTES.txt>
-        Order allow,deny
-        Deny from all
+## Deny access to root files to hide sensitive application information
+    <Files composer.json>
+        order allow,deny
+        deny from all
     </Files>
-############################################
+    <Files composer.lock>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .gitignore>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .htaccess>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .htaccess.sample>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .php_cs>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .travis.yml>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files CHANGELOG.md>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files CONTRIBUTING.md>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files CONTRIBUTOR_LICENSE_AGREEMENT.html>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files COPYING.txt>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files Gruntfile.js>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files LICENSE.txt>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files LICENSE_AFL.txt>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files nginx.conf.sample>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files package.json>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files php.ini.sample>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files README.md>
+        order allow,deny
+        deny from all
+    </Files>
+
+################################
 ## If running in cluster environment, uncomment this
 ## http://developer.yahoo.com/performance/rules.html#etags
 

pub/errors/.htaccess

@@ -2,6 +2,6 @@ Options None
 <IfModule mod_rewrite.c>
     RewriteEngine Off
 </IfModule>
-<FilesMatch "\.(xml|phtml)$">
-    Deny from all
-</FilesMatch>
+
+order allow,deny
+deny from all

setup/config/.htaccess

@@ -0,0 +1,2 @@
+order allow,deny
+deny from all

setup/performance-toolkit/.htaccess

@@ -0,0 +1,2 @@
+order allow,deny
+deny from all

setup/src/.htaccess

@@ -0,0 +1,2 @@
+order allow,deny
+deny from all

setup/view/.htaccess

@@ -0,0 +1,2 @@
+order allow,deny
+deny from all

vendor/.htaccess

@@ -0,0 +1,2 @@
+Order allow,deny
+Deny from all