# the most import thing is to hide ws-config.json
# since it might have a db password
# instead, we'll only allow certain extensions
<Files *>
Order Deny,Allow
Deny from All
</Files>
# pass to index.php bu default
<FilesMatch "^$">
Allow from All
</FilesMatch>
DirectoryIndex index.php index.html
# allow images, icons, pdfs
<FilesMatch ".(jpe?g|gif|png|ico|pdf)$">
Allow from All
</FilesMatch>
# allow web pages
<FilesMatch ".(js|css|html?)$">
Allow from All
</FilesMatch>
# allow php
<FilesMatch ".php$">
Allow from All
</FilesMatch>
# allow txt
<FilesMatch ".txt$">
Allow from All
</FilesMatch>