# Prevent direct access to config files
<FilesMatch "^(database|init_db|seed_data)\.php$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Force HTTPS (uncomment for production)
# RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Enable error reporting (disable in production)
# Development:
# php_flag display_errors On
# php_value error_reporting E_ALL

# Production (uncomment these):
# php_flag display_errors Off
# php_value error_reporting 0

