chore: mark resource protection rule blocks

.nginx.conf

@@ -5,10 +5,12 @@ location / {
 
 # Uncomment the following lines if you are not using a `public` directory
 # to prevent sensitive resources from being exposed.
+# <!-- BEGIN EXPOSED RESOURCES PROTECTION -->
 # location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor) {
 #   deny all;
 #   return 404;
 # }
+# <!-- END EXPOSED RESOURCES PROTECTION -->
 
 # The following directives are based on best practices from H5BP Nginx Server Configs
 # https://github.com/h5bp/server-configs-nginx

public/.htaccess

@@ -6,13 +6,15 @@
 
   # Uncomment the following lines if you are not using a `public` directory
   # to prevent sensitive resources from being exposed.
+  # <!-- BEGIN EXPOSED RESOURCES PROTECTION -->
   # RewriteRule /\.git / [F,L]
   # RewriteRule ^auth\.json$ / [F,L]
   # RewriteRule ^composer\.(lock|json)$ / [F,L]
   # RewriteRule ^config.php$ / [F,L]
   # RewriteRule ^flarum$ / [F,L]
   # RewriteRule ^storage/(.*)?$ / [F,L]
   # RewriteRule ^vendor/(.*)?$ / [F,L]
+  # <!-- END EXPOSED RESOURCES PROTECTION -->
 
   # Pass requests that don't refer directly to files in the filesystem to index.php
   RewriteCond %{REQUEST_FILENAME} !-f