MAGETWO-40265: sensitive resources are web-accessible

 - update .htaccess per proposal
 - update same .htaccess file

.htaccess

@@ -171,6 +171,8 @@
 
 ###########################################
 ## Deny access to root files to hide sensitive application information
+    RedirectMatch 404 /\.git
+
     <Files composer.json>
         order allow,deny
         deny from all

.htaccess.sample

@@ -36,7 +36,7 @@
 ############################################
 ## adjust memory limit
 
-    php_value memory_limit 256M
+    php_value memory_limit 768M
     php_value max_execution_time 18000
 
 ############################################
@@ -65,13 +65,6 @@
     SecFilterScanPOST Off
 </IfModule>
 
-<IfModule mod_headers.c>
-############################################
-## prevent clickjacking
-
-    Header set X-Frame-Options SAMEORIGIN
-</IfModule>
-
 <IfModule mod_deflate.c>
 
 ############################################
@@ -136,9 +129,11 @@
     RewriteRule .* - [L,R=405]
 
 ############################################
-## always send 404 on missing files in these folders
+## redirect for mobile user agents
 
-    RewriteCond %{REQUEST_URI} !^/pub/(media|js)/
+    #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
+    #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
+    #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
 
 ############################################
 ## never rewrite for existing files, directories and links
@@ -175,16 +170,84 @@
 </IfModule>
 
 ###########################################
-## Deny access to release notes to prevent disclosure of the installed Magento version
+## Deny access to root files to hide sensitive application information
+    RedirectMatch 404 /\.git
 
-    <Files RELEASE_NOTES.txt>
-        Order allow,deny
-        Deny from all
+    <Files composer.json>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files composer.lock>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .gitignore>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .htaccess>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .htaccess.sample>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .php_cs>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files .travis.yml>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files CHANGELOG.md>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files CONTRIBUTING.md>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files CONTRIBUTOR_LICENSE_AGREEMENT.html>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files COPYING.txt>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files Gruntfile.js>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files LICENSE.txt>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files LICENSE_AFL.txt>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files nginx.conf.sample>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files package.json>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files php.ini.sample>
+        order allow,deny
+        deny from all
+    </Files>
+    <Files README.md>
+        order allow,deny
+        deny from all
     </Files>
 
-############################################
+################################
 ## If running in cluster environment, uncomment this
 ## http://developer.yahoo.com/performance/rules.html#etags
 
     #FileETag none
-

pub/errors/.htaccess

@@ -2,6 +2,3 @@ Options None
 <IfModule mod_rewrite.c>
     RewriteEngine Off
 </IfModule>
-
-order allow,deny
-deny from all