# Deny all access
<IfModule mod_authz_core.c>
  Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
  Order allow,deny
  Deny from all
</IfModule>

# Disable directory browsing
Options -Indexes

# Deny access to sensitive files
<FilesMatch "\.(env|ini|log|sh|sql|bak|inc|db|sqlite)$">
    Order allow,deny
    Deny from all
</FilesMatch>