# Block direct access to internal PHP files
<FilesMatch "^(config|db|common)\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# Disable directory listing
Options -Indexes