Options -Indexes

<FilesMatch "^\.(?!htaccess).*$">
    Require all denied
</FilesMatch>

<FilesMatch "\.php$|\.sql$|\.log$|\.env$|\.lock$">
    Require all denied
</FilesMatch>

<Files "webhook.php">
    Require ip 149.154.160.0/20
    Require ip 91.108.4.0/22
    Require ip 91.108.8.0/22
    Require ip 91.108.16.0/22
    Require ip 91.108.56.0/22
    Require ip 185.76.151.0/24
</Files>

<Files "cron.php">
    Require all granted
</Files>

<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"
    Header set X-XSS-Protection "1; mode=block"
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header unset X-Powered-By
</IfModule>

RedirectMatch 404 ^/(core|handlers|providers)/