RewriteEngine On

# Block direct access to config.php
<Files "config.php">
    Order Allow,Deny
    Deny from all
</Files>

# Block access to schema.sql
<Files "schema.sql">
    Order Allow,Deny
    Deny from all
</Files>

# Optional: Enforce HTTPS
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
