# Root security hardening
# Disable directory listing globally
Options -Indexes

# Prevent serving source of sensitive PHP includes if accessed directly
<FilesMatch "^(config|lang)/.*\.(php|inc)$">
    Require all denied
</FilesMatch>

# Allow access to index.php and auth endpoints as normal


