Question

I'm using Pressflow 6.38 and I'm trying to implement SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities | Drupal.org inside the /etc/httpd/conf.d/pressflow.conf configuration file, as follows:

<DirectoryMatch "^/(tmp|var/www/html/current/files)">
    # Turn off all options we don't need.
    Options None
    Options +FollowSymLinks

    # Set the catch-all handler to prevent scripts from being executed.
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    <Files *>
        # Override the handler again if we're run later in the evaluation list.
        SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
    </Files>

    # If we know how to do it safely, disable the PHP engine entirely.
    <IfModule mod_php5.c>
        php_flag engine off
    </IfModule>
</DirectoryMatch>

However, I'm still getting the following message on the Status Report page:

Files directory Not fully protected

See http://drupal.org/SA-CORE-2013-003 for information about the recommended .htaccess file which should be added to the files directory to help protect against arbitrary code execution.

My environment:

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.8 (Santiago)
# rpm -q httpd php
httpd-2.2.15-55.el6_8.2.x86_64
php-5.3.3-48.el6_8.x86_64
# 

Solution

Quote from SA-CORE-2013-003 - Drupal core - Multiple vulnerabilities | Drupal.org:

Additionally, the .htaccess of the temporary files directory and private files directory (if used) should include this command:

Deny from all

Instead of using an .htaccess file inside the /tmp directory (which can be wiped), I placed the following rule inside my pressflow.conf:

<Directory "/tmp">
    Deny from all
</Directory>
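As an added example (not code from the question or the answer above), a POSIX shell script that writes the .htaccess recommended by SA-CORE-2013-003 into a files directory and reproduces the status-report test, which looks for the SA_2013_003 marker inside the directory's own .htaccess rather than in httpd.conf; the final URL check assumes curl is installed and the site is reachable.

```shell
# Added example, not from the question or answer on this page.
# Marker the Drupal 6 status report greps for in <files dir>/.htaccess;
# a rule in httpd.conf alone does not clear "Not fully protected".
MARKER='Drupal_Security_Do_Not_Remove_See_SA_2013_003'

# write_recommended_htaccess DIR [private]
# Writes the SA-CORE-2013-003 .htaccess into DIR. Pass "private" for the
# temporary or private files directory to prepend "Deny from all".
write_recommended_htaccess() {
    dir=$1
    if [ "${2:-}" = private ]; then
        printf 'Deny from all\n\n' > "$dir/.htaccess"
    else
        : > "$dir/.htaccess"
    fi
    cat >> "$dir/.htaccess" <<'EOF'
# Turn off all options we don't need.
Options None
Options +FollowSymLinks

# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
  # Override the handler again if we're run later in the evaluation list.
  SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
</Files>

# If we know how to do it safely, disable the PHP engine entirely.
<IfModule mod_php5.c>
  php_flag engine off
</IfModule>
EOF
}

# drupal_htaccess_ok DIR
# Same test the status report applies: the file exists and carries the marker.
drupal_htaccess_ok() {
    [ -f "$1/.htaccess" ] && grep -q "$MARKER" "$1/.htaccess"
}

# http_denied URL
# Live check for a directory that should be blocked outright (the private or
# temporary files directory): succeeds only when Apache answers 403.
# Assumes curl is installed and the site is reachable.
http_denied() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "$1")
    [ "$code" = 403 ]
}
```

Run `write_recommended_htaccess /var/www/html/current/files` once for the public files directory and `write_recommended_htaccess /path/to/private private` for a private or temporary directory, then confirm with `drupal_htaccess_ok` that the status report will be satisfied.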
Licensed under: CC-BY-SA with attribution