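# Deny direct HTTP access to any file whose name ends in "config.php".
# This is a filename match, not a directory rule: the pattern is unanchored at
# the start, so names such as "db-config.php" match as well, while copies such
# as "config.php.bak" are not covered by this rule.
# "Require all denied" replaces the 2.2-era "Order"/"Deny" pair, which parses
# on Apache 2.4 only when mod_access_compat is loaded. This file already
# depends on 2.4 because it uses <If>.
# Deliberately not wrapped in <IfModule>: if authorization support is missing,
# a configuration error is safer than silently serving the file.
<FilesMatch "config\.php$">
    Require all denied
</FilesMatch>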

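# Deny requests for PHP files whose request URI contains "/includes/".
# Only *.php is covered; other file types under includes/ are not affected by
# this rule.
# NOTE(review): this matches on the URI text (case-sensitive), not on the
# directory itself. A rule bound to the directory (an .htaccess inside
# includes/, or a <Directory> block in the server config) or keeping the
# directory outside the document root is more robust. Confirm which fits this
# deployment.
# "Require all denied" replaces the legacy "Order"/"Deny" pair, which needs
# mod_access_compat on Apache 2.4; <If> already requires 2.4.
<FilesMatch "\.php$">
    <If "%{REQUEST_URI} =~ m#/includes/#">
        Require all denied
    </If>
</FilesMatch>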

# Enable CORS for API
# As written, these headers are added to every response this file applies to;
# nothing here limits them to API paths.
# NOTE(review): Access-Control-Allow-Origin "*" lets scripts on any origin read
# these responses. Browsers refuse the wildcard for cookie-bearing requests, but
# X-Session-Token is a request header set by script and is allowed below, so
# the wildcard does not by itself keep token-authenticated responses private
# to trusted sites. If only known front-ends should call the API, replace "*"
# with an explicit origin allowlist (and send "Vary: Origin" when the value
# depends on the request).
# If mod_headers is not loaded, this block is skipped silently and no CORS
# headers are sent.
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, X-Machine-ID, X-Session-Token"
</IfModule>

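# Deny direct HTTP access to files whose name ends in ".log".
# The match is case-sensitive and anchored at the end of the name, so rotated
# or compressed logs (e.g. "app.log.1", "app.log.gz") are not covered. Storing
# logs outside the document root avoids relying on this pattern.
# "Require all denied" replaces the legacy "Order"/"Deny" pair, which needs
# mod_access_compat on Apache 2.4.
<FilesMatch "\.log$">
    Require all denied
</FilesMatch>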
