# Protect All Controller Files
# Prevents security bots from deleting/modifying controllers

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Block direct HTTP access to all PHP files
    RewriteCond %{REQUEST_URI} !^/index\.php
    RewriteRule \.php$ - [F,L]
</IfModule>

# Deny directory browsing
Options -Indexes

# Block HTTP access to PHP files (but allow PHP execution)
<FilesMatch "\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</FilesMatch>

# Disable ModSecurity for this directory
<IfModule mod_security.c>
    SecRuleEngine Off
</IfModule>

<IfModule security2_module>
    SecRuleEngine Off
</IfModule>

# Protect .htaccess from viewing
<Files ".htaccess">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</Files>
