# =====================================================
# INCLUDES DIRECTORY PROTECTION
# =====================================================
# This directory contains PHP includes and should not be
# directly accessible via web requests

<IfModule mod_rewrite.c>
    RewriteEngine On
    # Block all direct access except for CSS, JS, and image files
    RewriteCond %{REQUEST_URI} \.(php|inc|tpl)$ [NC]
    RewriteRule . - [F,L]
</IfModule>

# Explicit deny for all PHP files
<FilesMatch "\.(php|inc|tpl)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Prevent directory listing
Options -Indexes

