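RewriteEngine On

# 1. Disable automatic directory listings: a directory without an index file
#    answers 403 instead of exposing its contents.
Options -Indexes

# 2. Optional: hide the .php extension in URLs,
#    so domain.com/admin/login.php is also reachable as domain.com/admin/login.
#    The rewrite only applies when the request is not a directory and a
#    file with the same name plus ".php" exists.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# 3. Block access to sensitive files.
#    All rules use the Apache 2.4 "Require" syntax. The legacy
#    "Order allow,deny" / "Deny from all" pair depends on mod_access_compat
#    (a 500 error if that module is not loaded), and mixing it with
#    "Require" in the same configuration is discouraged.

# Dotfiles (.htaccess, .env, .git* files, ...).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# PHP per-directory settings file. Already matched by the dotfile rule above;
# kept as an explicit safeguard in case that rule is ever relaxed.
<Files ".user.ini">
    Require all denied
</Files>

# Archives, database dumps, backup copies and logs left in the web root.
# This is a denylist by extension: anything not listed here is still served,
# so backups and dumps are better stored outside the document root.
<FilesMatch "\.(?:zip|tar|gz|bz2|7z|sql|bak|old|orig|log)$">
    Require all denied
</FilesMatch>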
