# LiteCMS - Apache Configuration (cPanel compatible)

# Force PHP processing
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>

# If the above doesn't work on your host, comment it out
# and try ONE of these instead:
# AddHandler application/x-httpd-php .php
# AddHandler application/x-httpd-php82 .php
# AddHandler application/x-httpd-php81 .php
# AddHandler application/x-httpd-php80 .php
# AddHandler application/x-httpd-ea-php82 .php

# Disable directory listing
Options -Indexes

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Block access to all JSON data files
    RewriteRule ^content/admin\.json$ - [F,L]
    RewriteRule ^content/config\.json$ - [F,L]
    RewriteRule ^content/pages/.*\.json$ - [F,L]
    RewriteRule ^content/articles/.*\.json$ - [F,L]
    RewriteRule ^content/users/.*\.json$ - [F,L]
    RewriteRule ^content/\.ratelimit.*$ - [F,L]

    # Allow uploads to be served
    RewriteRule ^content/uploads/ - [L]

    # Block access to includes directory
    RewriteRule ^includes/ - [F,L]
</IfModule>

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# Protect sensitive files from being downloaded
<FilesMatch "\.(json|md|gitkeep)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
