ip-manager/webapp/.htaccess

# Protect sensitive files from direct web access
<FilesMatch "\.(log|sql|env)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Protect error.log specifically
<Files "error.log">
    Order Allow,Deny
    Deny from all
</Files>