# ═══════════════════════════════════════════════════════════
# SECURITY CONFIGURATION
# ═══════════════════════════════════════════════════════════

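# Protect log files from direct access.
# NOTE: the pattern also matches every *.txt file, so public text files under
# this directory (robots.txt, /.well-known/security.txt) are denied as well.
<FilesMatch "\.(log|txt)$">
    # Apache 2.4+: mod_authz_core provides the supported access-control syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. On a 2.4 server without mod_access_compat these
    # legacy directives are unknown and the request fails with a 500, so they
    # are only used when mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>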

# Disable directory listing: a directory without an index file is answered
# with 403 instead of an auto-generated file list.
# NOTE(review): if this is a per-directory .htaccess file, the server's
# AllowOverride setting must permit Options, otherwise requests fail with a
# 500 — confirm against the server configuration.
Options -Indexes

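# Prevent access to hidden files (names that start with a dot, e.g. .env)
<FilesMatch "^\.">
    # Apache 2.4+: mod_authz_core provides the supported access-control syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback, used only when mod_authz_core is absent (the legacy
    # directives need mod_access_compat on 2.4 and fail with a 500 without it).
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# FilesMatch tests only the final file name, so the rule above does not cover
# ordinary files stored inside a dot-directory (for example .git/config).
# Deny every URL path that contains a dot-prefixed segment, except
# /.well-known/, which ACME certificate challenges depend on.
<IfModule mod_alias.c>
    RedirectMatch 403 "/\.(?!well-known(/|$))"
</IfModule>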

# ═══════════════════════════════════════════════════════════
# SECURITY HEADERS
# ═══════════════════════════════════════════════════════════

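<IfModule mod_headers.c>
    # "always" attaches each header to error and redirect responses too; plain
    # "Header set" only covers successful responses, which leaves 4xx/5xx
    # pages without these protections. If the application emits one of these
    # headers itself, check responses for duplicates.

    # Prevent MIME sniffing
    Header always set X-Content-Type-Options "nosniff"

    # Prevent clickjacking (the CSP directive frame-ancestors 'none' is the
    # modern equivalent and can be sent alongside this header)
    Header always set X-Frame-Options "DENY"

    # Legacy XSS filter header. Modern browsers have removed the filter this
    # controlled, so it protects old clients only; output encoding and a
    # Content-Security-Policy are the effective XSS defences.
    Header always set X-XSS-Protection "1; mode=block"

    # Referrer Policy
    Header always set Referrer-Policy "no-referrer"

    # Reduce version disclosure.
    # Apache normally adds the Server header after mod_headers has run, so this
    # unset is usually a no-op; limit it with "ServerTokens Prod" in the main
    # server configuration (not permitted in .htaccess).
    Header unset Server
    # Headers produced by PHP-FPM via mod_proxy_fcgi sit in the "always"
    # table, so unset in both tables. Setting expose_php=Off in php.ini stops
    # PHP from emitting the header in the first place.
    Header unset X-Powered-By
    Header always unset X-Powered-By
</IfModule>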

# ═══════════════════════════════════════════════════════════
# ERROR HANDLING
# ═══════════════════════════════════════════════════════════

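# Don't show PHP errors to visitors (already set in the PHP code).
# Note: php_value doesn't work with PHP-FPM, so we handle this in the PHP files directly.
# Caveat: a setting applied at runtime cannot hide parse or startup errors that occur
# before that code runs; also set display_errors=Off in php.ini or the FPM pool config.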

# Custom error pages (optional)
# ErrorDocument 404 /404.html
# ErrorDocument 500 /500.html

# ═══════════════════════════════════════════════════════════
# FORCE HTTPS (Optional - uncomment if you want to force HTTPS)
# ═══════════════════════════════════════════════════════════

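# Note: %{HTTP_HOST} is taken from the request's Host header; to keep the
# redirect target fixed, replace it with the site's canonical hostname
# (placeholder: www.example.com). Behind a TLS-terminating proxy %{HTTPS}
# stays "off", so test the forwarded-protocol header the proxy sets instead.
# <IfModule mod_rewrite.c>
#     RewriteEngine On
#     RewriteCond %{HTTPS} off
#     RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# </IfModule>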