# Turn off auto-generated directory listings so a directory without an index
# file does not reveal its contents. In a .htaccess file this directive needs
# AllowOverride to permit Options.
Options -Indexes

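# Deny direct download of SQL files (*.sql) and Markdown documents (*.md).
# This matches by file extension only; it does not protect a config directory
# as such, and files with other extensions are unaffected.
<FilesMatch "\.(sql|md)$">
    # Apache 2.4+: native authorization directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 (no mod_authz_core): legacy access-control directive.
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</FilesMatch>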

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Block direct access to PHP files in subdirectories
    # NOTE(review): the rule below is commented out, so nothing in this block
    # currently denies requests to config/, helpers/, controllers/ or models/.
    # Confirm those directories are protected some other way (or live outside
    # the document root) before relying on this file for that.
    # RewriteRule ^(config|helpers|controllers|models)/ - [F,L]
</IfModule>

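# Protect certificate files (serve only via download action).
# Any direct request for an .xml or .pdf under /metlab/certificates/ gets 403.
# The rule sits at the top level of the file, not inside <FilesMatch>: Apache
# documents mod_rewrite directives in <Files>/<FilesMatch> sections as
# unsupported, so a rule nested there cannot be relied on to fire.
# NOTE(review): this is fail-open. If mod_rewrite is not loaded, the <IfModule>
# is skipped and the files are served directly. Keeping the certificates
# outside the document root would remove that dependency.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/metlab/certificates/
    # NC also covers upper-case extensions such as .PDF.
    RewriteRule \.(xml|pdf)$ - [F,L,NC]
</IfModule>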

# Keep PHP error output out of HTTP responses, where it could disclose file
# paths, queries or other internals to visitors.
# php_flag / php_value are only understood when PHP runs as an Apache module.
php_flag display_errors Off
# NOTE(review): /tmp is normally shared by every local account and process.
# Confirm this log is not readable or pre-creatable by other users, or move it
# to a directory that only the web/PHP user can write and that is outside the
# document root.
php_value error_log /tmp/metlab_errors.log
