Options -Indexes

# Protect log files
<FilesMatch "\.(txt|log|json)$">
    Require all denied
    Deny from all
</FilesMatch>

<Files ".htaccess">
    Require all denied
    Deny from all
</Files>

# But allow cookie dump downloads for dashboard (only .txt in cookie_dumps)
<Directory "cookie_dumps">
    Require all granted
</Directory>

# Block access to dashboard password file
<Files "dashboard_pass.php">
    Require all denied
    Deny from all
</Files>