# Security protection for storage directories (per-directory Apache 2.4 config).
#
# NOTE(review): the rules below contradict each other. <Files> and <FilesMatch>
# sections are merged in the order they appear, and with the default
# "AuthMerging Off" a later matching section replaces the authorization of an
# earlier one. Because <Files "*"> comes AFTER the allowlist, every request into
# this directory is denied, including the "allowed" types.
#   - If the intent is "deny all direct access", the allowlist, MIME and header
#     sections are dead configuration and can be dropped.
#   - If the intent is "serve only allowlisted types", the deny-all section must
#     come first, then the allowlist, then the .php and dotfile denials last.
# Confirm the intent before reordering: reordering opens direct access.

# Prevent directory browsing (auto-generated listings).
# Needs AllowOverride to permit Options here; otherwise the request fails.
Options -Indexes

# Deny access to PHP files in storage.
# The pattern is case-sensitive and only matches names whose last extension is
# exactly ".php". NOTE(review): whether other extensions (.phtml, .phar, ...) or
# names like "x.php.jpg" reach the PHP handler depends on server configuration
# not visible here. Verify, or disable the handler for this directory.
<FilesMatch "\.php$">
    Require all denied
</FilesMatch>

# Allowlist by final extension (case-sensitive, so ".PDF" is not matched).
# Currently overridden by the <Files "*"> section below (see note at top).
# NOTE(review): ".html" in an upload directory is risky if this grant ever takes
# effect, because uploaded HTML renders in the site's own origin. Consider
# removing it or serving uploads as attachments from a separate origin.
<FilesMatch "\.(pdf|html|jpg|jpeg|png|gif|doc|docx|txt)$">
    Require all granted
</FilesMatch>

# Deny all other files.
# "*" matches every filename, and this section is evaluated after the allowlist,
# so it replaces the grant above rather than acting as a fallback.
<Files "*">
    Require all denied
</Files>

# Prevent access to hidden files (names starting with a dot, e.g. .htaccess, .env)
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Set proper MIME types for allowed files (only applied when mod_mime is loaded)
<IfModule mod_mime.c>
    AddType application/pdf .pdf
    # text/html makes browsers render the file instead of downloading it
    AddType text/html .html
    AddType image/jpeg .jpg .jpeg
    AddType image/png .png
    AddType image/gif .gif
    AddType application/msword .doc
    AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document .docx
    AddType text/plain .txt
</IfModule>

# Security headers for file downloads.
# These need mod_headers. They are not wrapped in <IfModule>, so requests fail
# with a server error if the module is missing, instead of being served without
# the headers.
# nosniff: browsers must honour the declared Content-Type (does not neutralise
# files that are declared as text/html).
Header always set X-Content-Type-Options nosniff
# DENY: responses from this directory may not be rendered inside a frame.
Header always set X-Frame-Options DENY
