# do not serve Apache .htaccess files
location ~ /\.ht {
    deny all;
    log_not_found off;
    access_log off;
    return 403;
}

location ~ \/whm-server-status {
    deny all;
    log_not_found off;
    access_log off;
    return 403;
}