Apache

You need at least the following setup:

<VirtualHost *:80>
  ServerName example.com
  ServerAlias example.com www.example.com
  ServerAdmin [email protected]
  DocumentRoot /var/www/html/example_com
  ErrorLog /var/log/httpd/example_com_error
  CustomLog /var/log/httpd/example_com_access common

  <Directory "/var/www/html/example_com">
    Options FollowSymLinks Indexes
    AllowOverride All
    Order Allow,Deny
    Allow from all
    DirectoryIndex index.php
  </Directory>

  # Block access to .ini and .md files
  <FilesMatch "\.(ini|md)$">
    Order Allow,Deny
    Deny from all
  </FilesMatch>

  # Block access to content/data folder
  <Directory "/var/www/html/example_com/content/data">
    Order Allow,Deny
    Deny from all
  </Directory>

</VirtualHost>

Note: if got AH01630: client denied by server configuration error. Please use below:

<VirtualHost *:80>
  ServerName example.com
  ServerAlias example.com www.example.com
  ServerAdmin [email protected]
  DocumentRoot /var/www/html/example_com
  ErrorLog /var/log/httpd/example_com_error
  CustomLog /var/log/httpd/example_com_access common

  <Directory "/var/www/html/example_com">
    Options FollowSymLinks Indexes
    AllowOverride All
    Require all granted
    DirectoryIndex index.php
  </Directory>

  # Block access to .ini and .md files
  <FilesMatch "\.(ini|md)$">
    Require all denied
  </FilesMatch>

  # Block access to content/data folder
  <Directory "/var/www/html/example_com/content/data">
    Require all denied
  </Directory>

</VirtualHost>

Credit: @ProjectPatatoe