# Block direct browser access to the DB credentials file and the SQL schema.
# server.php and groups.php remain accessible (that's the API surface).

<FilesMatch "^(config\.php|schema\.sql)$">
    Require all denied
</FilesMatch>

# Optional: disable directory listing for /facebookScraperAPI/
Options -Indexes
