# Security hardening for sensitive files
<IfModule mod_authz_core.c>
    # Apache 2.4+ syntax (preferred)
    <FilesMatch "\.(env|git|json|log|lock|backup|sql|sh)$">
        Require all denied
    </FilesMatch>
    
    <Files "process.php">
        Require all denied
    </Files>
</IfModule>

<IfModule !mod_authz_core.c>
    # Fallback for Apache 2.2
    <FilesMatch "\.(env|git|json|log|lock|backup|sql|sh)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
    
    <Files "process.php">
        Order allow,deny
        Deny from all
    </Files>
</IfModule>

# Additional security measures
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Block access to process.php via rewrite (double protection)
    RewriteRule ^process\.php$ - [F,NC]
    
    # Prevent access to version control directories
    RewriteRule ^\.(git|svn|hg)/ - [F,NC]
</IfModule>