# EOMS - Root .htaccess
# Security hardening for Apache (XAMPP / cPanel compatible)

# Disable directory browsing
Options -Indexes

# Protect sensitive files
<FilesMatch "\.(sql|log|md|env)$">
    Require all denied
</FilesMatch>

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# PHP settings (safe defaults, harmless if overridden by host)
<IfModule mod_php.c>
    php_flag display_errors off
    php_value upload_max_filesize 10M
    php_value post_max_size 12M
</IfModule>
