# block access to all Apache config files
<FilesMatch "^.ht*">
Order allow,deny
Deny from all
</FilesMatch>
# block access by file extension
<FilesMatch "(.sql|.inc.php)$">
Order allow,deny
Deny from all
</FilesMatch>
# block access to secrets.xml
<Files secrets.xml>
Order allow,deny
Deny from all
</Files>
<Files check-request.php>
Order allow,deny
Allow from all
</Files>
<Files sheet.css>
Order allow,deny
Allow from all
</Files>