Protect XML configuration files using .htaccess

In most of my projects, I create a mapping called /configurationxy to point to the configuration files (e.g. transfer XML files, mach-ii configuration and so on). This directory is not located under the webroot so no direct access is possible at all.
If this is not possible (e.g. due to shared hosting), never forget to protect your .XML files from being viewed and downloaded using e.g. the .htaccess feature of apache. In this case the file will be readable by the system itself but no user will be able to download the file. See an example configuration here.