# Root directory security configuration
# Simplified for better compatibility

# Prevent directory browsing
Options -Indexes

# Allow access to all necessary files
<FilesMatch "\.(html|htm|css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|php)$">
    Require all granted
</FilesMatch>

# Deny access to sensitive files
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak|backup|old|sql|env)$">
    Require all denied
</FilesMatch>

# Deny access to hidden files (but allow .well-known)
<FilesMatch "^\.(?!well-known)">
    Require all denied
</FilesMatch>

# Allow API directory access
<Directory "api">
    Require all granted
</Directory>

# Allow frontend directory access
<Directory "frontend">
    Require all granted
</Directory>

# Protect sensitive directories
<DirectoryMatch "^(guideline|documentation|docs|backup|temp|tmp|logs|storage|database|libraries)">
    Require all denied
</DirectoryMatch>

# Prevent access to version control
<DirectoryMatch "\.git">
    Require all denied
</DirectoryMatch>

<DirectoryMatch "\.svn">
    Require all denied
</DirectoryMatch>

# Enable rewrite engine for clean URLs
RewriteEngine On

# Block suspicious request methods
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
