# Add some basic access control to protect sensitive files like bootstrap.conf
cat > .htaccess <<EOF
Options -Indexes
-SetEnvIf Request_URI "/web/.*" access_granted
+SetEnvIf Request_URI "/web(/.*)?$" access_granted
Order allow,deny
Allow from env=access_granted
EOF