diff --git a/.htaccess b/.htaccess
index 3e6eb31938e4..f535ec132982 100644
--- a/.htaccess
+++ b/.htaccess
@@ -203,72 +203,157 @@
     RedirectMatch 403 /\.git
 
     <Files composer.json>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files composer.lock>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files .gitignore>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files .htaccess>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files .htaccess.sample>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files .php_cs.dist>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files .travis.yml>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files CHANGELOG.md>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files COPYING.txt>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files Gruntfile.js>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files LICENSE.txt>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files LICENSE_AFL.txt>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files nginx.conf.sample>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files package.json>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files php.ini.sample>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files README.md>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
     <Files magento_umask>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
 
 # For 404s and 403s that aren't handled by the application, show plain 404 response
diff --git a/app/.htaccess b/app/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/app/.htaccess
+++ b/app/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/bin/.htaccess b/bin/.htaccess
index 896fbc5a341e..707c26b075e1 100644
--- a/bin/.htaccess
+++ b/bin/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/dev/.htaccess b/dev/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/dev/.htaccess
+++ b/dev/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/.htaccess b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/.htaccess
index 14249c50bd76..118789f3d955 100644
--- a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/.htaccess
+++ b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/.htaccess
@@ -1 +1,7 @@
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/cache/.htaccess b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/cache/.htaccess
index 14249c50bd76..118789f3d955 100644
--- a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/cache/.htaccess
+++ b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromClone/cache/.htaccess
@@ -1 +1,7 @@
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/.htaccess b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/.htaccess
index 14249c50bd76..118789f3d955 100644
--- a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/.htaccess
+++ b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/.htaccess
@@ -1 +1,7 @@
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/cache/.htaccess b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/cache/.htaccess
index 14249c50bd76..118789f3d955 100644
--- a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/cache/.htaccess
+++ b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testFromCreateProject/cache/.htaccess
@@ -1 +1,7 @@
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/.htaccess b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/.htaccess
index 14249c50bd76..118789f3d955 100644
--- a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/.htaccess
+++ b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/.htaccess
@@ -1 +1,7 @@
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/cache/.htaccess b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/cache/.htaccess
index 14249c50bd76..118789f3d955 100644
--- a/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/cache/.htaccess
+++ b/dev/tests/integration/testsuite/Magento/Framework/Composer/_files/testSkeleton/cache/.htaccess
@@ -1 +1,7 @@
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/generated/.htaccess b/generated/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/generated/.htaccess
+++ b/generated/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/lib/.htaccess b/lib/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/lib/.htaccess
+++ b/lib/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/phpserver/.htaccess b/phpserver/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/phpserver/.htaccess
+++ b/phpserver/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/pub/.htaccess b/pub/.htaccess
index bdae9be342d8..9d79c1cc2b9a 100644
--- a/pub/.htaccess
+++ b/pub/.htaccess
@@ -190,8 +190,13 @@
 ## Deny access to release notes to prevent disclosure of the installed Magento version
 
     <Files RELEASE_NOTES.txt>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
 
 # For 404s and 403s that aren't handled by the application, show plain 404 response
@@ -207,8 +212,13 @@ ErrorDocument 403 /errors/404.php
 ###########################################
 ## Deny access  to cron.php
     <Files cron.php>
-        order allow,deny
-        deny from all
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
     </Files>
 
 <IfModule mod_headers.c>
diff --git a/pub/media/.htaccess b/pub/media/.htaccess
index 0a3087c09631..28e65b490fbb 100644
--- a/pub/media/.htaccess
+++ b/pub/media/.htaccess
@@ -1,4 +1,4 @@
-Options All -Indexes
+Options -Indexes
 
 <IfModule mod_php5.c>
 php_flag engine 0
diff --git a/pub/media/customer/.htaccess b/pub/media/customer/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/pub/media/customer/.htaccess
+++ b/pub/media/customer/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/pub/media/downloadable/.htaccess b/pub/media/downloadable/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/pub/media/downloadable/.htaccess
+++ b/pub/media/downloadable/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/pub/media/import/.htaccess b/pub/media/import/.htaccess
index 93169e4eb44f..707c26b075e1 100644
--- a/pub/media/import/.htaccess
+++ b/pub/media/import/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/pub/media/theme_customization/.htaccess b/pub/media/theme_customization/.htaccess
index aaf15ab571eb..2b93da6b4c07 100644
--- a/pub/media/theme_customization/.htaccess
+++ b/pub/media/theme_customization/.htaccess
@@ -1,5 +1,10 @@
-Options All -Indexes
+Options -Indexes
 <Files ~ "\.xml$">
-    Order allow,deny
-    Deny from all
+    <IfVersion < 2.4>
+        order allow,deny
+        deny from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+        Require all denied
+    </IfVersion>
 </Files>
diff --git a/setup/config/.htaccess b/setup/config/.htaccess
index 281d5c33db37..707c26b075e1 100644
--- a/setup/config/.htaccess
+++ b/setup/config/.htaccess
@@ -1,2 +1,8 @@
-order allow,deny
-deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/setup/performance-toolkit/.htaccess b/setup/performance-toolkit/.htaccess
index 281d5c33db37..707c26b075e1 100644
--- a/setup/performance-toolkit/.htaccess
+++ b/setup/performance-toolkit/.htaccess
@@ -1,2 +1,8 @@
-order allow,deny
-deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/setup/src/.htaccess b/setup/src/.htaccess
index 281d5c33db37..707c26b075e1 100644
--- a/setup/src/.htaccess
+++ b/setup/src/.htaccess
@@ -1,2 +1,8 @@
-order allow,deny
-deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/setup/view/.htaccess b/setup/view/.htaccess
index 281d5c33db37..707c26b075e1 100644
--- a/setup/view/.htaccess
+++ b/setup/view/.htaccess
@@ -1,2 +1,8 @@
-order allow,deny
-deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/var/.htaccess b/var/.htaccess
index 896fbc5a341e..707c26b075e1 100755
--- a/var/.htaccess
+++ b/var/.htaccess
@@ -1,2 +1,8 @@
-Order deny,allow
-Deny from all
\ No newline at end of file
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+
diff --git a/vendor/.htaccess b/vendor/.htaccess
index cb24fd7fc0b3..707c26b075e1 100644
--- a/vendor/.htaccess
+++ b/vendor/.htaccess
@@ -1,2 +1,8 @@
-Order allow,deny
-Deny from all
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>
+