# Block direct browser access to config/bootstrap files.
# Only allow the named endpoint scripts.
<FilesMatch "^(config|_bootstrap)\.php$">
    Require all denied
</FilesMatch>

# Don't show directory listings
Options -Indexes
