# Disable directory browsing
Options -Indexes

# Enable URL rewriting
RewriteEngine On

# Remove .php extension (allow accessing pages without .php)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# Deny access to sensitive files
<FilesMatch "\.(sql|log|htpasswd|ini|env)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Deny access to config file
<Files "config.php">
    Order Allow,Deny
    Deny from all
</Files>

# Deny access to email helper
<Files "email_helper.php">
    Order Allow,Deny
    Deny from all
</Files>

# Deny access to PWA includes
<Files "pwa-head.php">
    Order Allow,Deny
    Deny from all
</Files>

<Files "pwa-script.php">
    Order Allow,Deny
    Deny from all
</Files>
