# Protect API folder
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
RewriteRule .* - [F]

# Disable directory browsing
Options -Indexes

# Protect sensitive files
<FilesMatch "^(config\.php|.*\.sql)$">
    Order allow,deny
    Deny from all
</FilesMatch>
