add gz to access denied files to block rotated logs from public access

1 files changed, 2 insertions, 1 deletions

diff --git a/.htaccess b/.htaccess
index 6cb3a0749..090ae6637 100644
--- a/.htaccess
+++ b/.htaccess
@@ -2,7 +2,8 @@ Options -Indexes
 AddType application/x-java-archive .jar
 AddType audio/ogg .oga
 
-<FilesMatch "\.(out|log)$">
+# don't allow any web access to logfiles, even after rotation/compression
+<FilesMatch "\.(out|log|gz)$">
 Deny from all
 </FilesMatch>