# Prevent direct access to config.php
<Files "config.php">
    Order allow,deny
    Deny from all
</Files>

# PHP settings
php_value session.cookie_httponly 1
php_value session.use_strict_mode 1

# Prevent directory listing
Options -Indexes

# Force HTTPS (uncomment if SSL is available)
# RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
