# Deny direct access to token files
# OAuth tokens contain sensitive access credentials

<IfModule mod_authz_core.c>
    # Apache 2.4+
    Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Deny from all
</IfModule>

# Additional protection
<FilesMatch ".*">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
