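# Disable automatic directory listings so a directory without an index file
# does not reveal its contents.
Options -Indexes

# PHP error handling
# These directives are only understood when PHP runs as an Apache module
# (mod_php); without it Apache rejects them and every request fails.
# Keep error details out of HTTP responses: messages can expose file paths,
# SQL fragments and stack traces. Errors go to the log instead. Switch
# display_errors on only for local development.
php_flag display_errors off
php_flag log_errors on
# PHP constants such as E_ALL do not exist in Apache configuration and are
# read as 0 there, so the numeric bitmask is used (32767 = all levels).
php_value error_reporting 32767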

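# Access control for files.
# Apache 2.4 evaluates "Require" (mod_authz_core); "Order/Allow/Deny" only
# works there through mod_access_compat, and mixing both styles gives
# confusing results. Each section therefore uses Require when mod_authz_core
# is present and keeps the old syntax for Apache 2.2 only.

# Protect dotfiles (.htaccess, .env, ...).
# FilesMatch tests the final file name only, so files stored inside a
# dot-directory (for example version-control metadata) are NOT covered here
# and need their own rule or must be kept out of the web root.
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Protect sensitive files (database dumps, logs, notes, ini files).
# Backups and editor leftovers with other extensions are not matched; keep
# them outside the document root.
<FilesMatch "\.(sql|log|txt|ini|htaccess)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Allow access to specific text files.
# This section must stay after the ".txt" rule above: file sections are
# applied in order of appearance and the later one wins.
<Files "robots.txt">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</Files>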

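# Security Headers
# "always" also attaches the headers to error responses (4xx/5xx) and
# redirects; a plain "Header set" covers successful responses only.
<IfModule mod_headers.c>
    # Stop browsers from guessing a content type different from the declared one.
    Header always set X-Content-Type-Options "nosniff"
    # Forbid framing of any page (clickjacking defence).
    Header always set X-Frame-Options "DENY"
    # The legacy XSS auditor is removed from current browsers and was itself a
    # source of side-channel issues in old ones; current guidance is to switch
    # it off and rely on output encoding plus a Content-Security-Policy.
    Header always set X-XSS-Protection "0"
    # Browsers honour HSTS only when it arrives over HTTPS, so it has no effect
    # until the site is served over TLS. includeSubDomains applies the policy
    # to every subdomain of this host for a year; confirm they all support
    # HTTPS before deploying.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>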

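# URL Rewriting
# NOTE: the directory protections at the end of this section exist only while
# mod_rewrite is loaded. Without it, config/, classes/ and includes/ are
# served like any other path; moving them outside the document root is the
# more robust fix.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /Zeal-webapp-ver1.0/

    # Redirect to HTTPS (uncomment in production)
    # HTTP_HOST is taken from the request; consider a fixed canonical host
    # name in the target when enabling this.
    # RewriteCond %{HTTPS} off
    # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # Handle Authorization Header
    # Copies the request's Authorization header into an environment variable
    # so PHP can read it when the server does not pass it on by itself.
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Protect config, classes and includes directories.
    # NC makes the match case-insensitive so "Config/" is refused too on
    # file systems that ignore case. F answers 403 and ends rule processing.
    RewriteRule ^(config|classes|includes)/ - [F,NC]
</IfModule>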

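# PHP Settings
# The module name differs per PHP major version: mod_php7.c for PHP 7,
# mod_php.c for PHP 8. The same limits are declared for both so they do not
# silently disappear after an upgrade. Under PHP-FPM/CGI neither section
# applies; set the values in php.ini or .user.ini there.
#
# Limits bound what one request may consume: 10M caps upload and body size,
# 300 s caps script run time and input parsing time. PHP's documentation
# asks for post_max_size to be larger than upload_max_filesize, so a file of
# exactly 10M will likely be rejected - TODO confirm the intended ceiling.
<IfModule mod_php7.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value max_input_time 300
</IfModule>
<IfModule mod_php.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value max_input_time 300
</IfModule>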