# Make sure settings.xml can not be opened from outside!
# Deny all requests from Apache 2.4+.
<IfModule mod_authz_core.c>
      Require all denied
</IfModule>

# Deny all requests from Apache 2.0-2.2.
<IfModule !mod_authz_core.c>
    Deny from all
</IfModule>