# Block direct access to all PHP files except specified ones
# Covers all common PHP file extensions
<FilesMatch "\.(php|php3|php4|php5|php7|php8|phtml|pht|phps|shtml|inc|tpl)$">
    Require all denied
</FilesMatch>

# Allow specific PHP files to be accessed
<FilesMatch "^(derivacion_multiple.blade|derivacion_multiple.blade|archivacion_multiple.blade|externo.blade|hojaruta.blade|multiple-file)\.(php|php3|php4|php5|php7|php8|phtml)$">
    Require all granted
</FilesMatch>

# Show forbidden message for blocked files
ErrorDocument 403 "403 Forbidden: Direct access to this file is not allowed."

# Hide .htaccess files from being accessed directly
<Files ".htaccess">
    Require all denied
</Files>

# Prevent directory browsing
Options -Indexes

# Additional security headers (if mod_headers is available)
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>