# ─── Apache Configuration for Shared Hosting ─────────────────────────────────

# Prevent directory browsing
Options -Indexes

# Set default charset
AddDefaultCharset UTF-8

# Set index.php as default
DirectoryIndex index.php

# Protect sensitive PHP files from direct browser access
<FilesMatch "^(config|database|auth|functions)\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# Protect hidden files
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# Security headers (only if mod_headers is available)
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

# Compress output (only if mod_deflate is available)
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
</IfModule>
