
fix(htaccess): security fixes for htaccess

This commit is contained in:
Awilum
2021-04-19 08:26:25 +03:00
parent df2108e6db
commit 601123a26b


@@ -3,7 +3,6 @@
# Founded by Sergey Romanenko and maintained by Flextype Community.
#
## Common PHP Overrides
#
# Some of the most common settings that can (sometimes) be overridden.
@@ -24,6 +23,9 @@ RewriteBase /
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Flextype
#
# Block out any script trying to use twig tags in URL.
RewriteCond %{REQUEST_URI} ({{|}}|{%|%}) [OR]
RewriteCond %{QUERY_STRING} ({{|}}|{%25|%25}) [OR]
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
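Review bot: The new Twig-tag filter on lines 26–27 only matches literal braces, so the percent-encoded forms an attacker would normally send (`%7B%7B`, `%7B%25`) pass straight through; as far as I recall mod_rewrite's `%{REQUEST_URI}` is not URL-decoded, and `%{QUERY_STRING}` never is, so the encoded spellings have to be listed explicitly and the match should be case-insensitive for the hex digits. The `{%25` / `%25}` alternatives on line 27 also look off: they match a `{` followed by a doubly-encoded `%`, while a raw `{%` in the query string matches neither branch. Something like `RewriteCond %{REQUEST_URI} ({{|}}|{%|%}|%7B%7B|%7D%7D|%7B%25|%25%7D) [NC,OR]` and `RewriteCond %{QUERY_STRING} ({{|}}|{%|%}|%7B%7B|%7D%7D|%7B%25|%25%7D) [NC,OR]` would close the obvious gaps. Since this is a deny-list filter, I would also add a comment above line 25 such as `# Best-effort filter only: encoded/obfuscated variants can bypass it; user input must never reach a Twig template unescaped` so nobody relies on it as the actual protection. The RewriteRule that consumes this [OR] chain is outside the hunk.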
@@ -51,11 +53,11 @@ RewriteRule .* index.php [L]
## Begin - Security
# Block all direct access for these folders
RewriteRule ^(\.git|flextype)/(.*) error [F]
RewriteRule ^(\.git|src|var|tests)/(.*) error [F]
# Block access to specific file types for these system folders
RewriteRule ^(flextype|vendor)/(.*)\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|sh|bat)$ error [F]
# Block access to specific file types for these site folders
RewriteRule ^(site)/(.*)\.(txt|md|yaml|yml|html|php|pl|py|cgi|twig|sh|bat)$ error [F]
RewriteRule ^(src|vendor)/(.*)\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ error [F]
# Block access to specific file types for these project folders
RewriteRule ^(project)/(.*)\.(txt|md|yaml|yml|php|pl|py|cgi|twig|html|sh|bat)$ error [F]
# Block all direct access to .md files:
RewriteRule \.md$ error [F]
# Block all direct access to files and folders beginning with a dot