# ── THE JOURNAL — Apache Security Rules ──────────────────────────────────────

# Block direct access to the data directory (passwords, posts)
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Block any request trying to access /data/ directly
    RewriteRule ^data/ - [F,L]

    # Redirect setup.php to home if config already exists
    # (Uncomment once setup is complete)
    # RewriteCond %{REQUEST_URI} ^/setup\.php$
    # RewriteRule ^ index.php [R=302,L]
</IfModule>

# Deny direct access to data files
<FilesMatch "^(config|posts)\.json$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Don't expose server info
ServerSignature Off

# Prevent MIME type sniffing
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "no-referrer"
</IfModule>

# Disable directory listing
Options -Indexes

# PHP security settings
<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag expose_php Off
</IfModule>
<IfModule mod_php8.c>
    php_flag display_errors Off
    php_flag expose_php Off
</IfModule>
