# Mountwhite TMS — server rules (Apache / cPanel)

# Never serve these files directly.
# FilesMatch tests the base name of the requested file, so the rule covers a
# file with one of these names in this directory and in every directory below it.
# The pattern is anchored and case-sensitive: copies such as config.php.bak or
# config.php~ do not match, and would typically be returned as plain text.
# "Require all denied" is Apache 2.4 (mod_authz_core) syntax.
# NOTE(review): presumably config.php holds credentials. This rule is a second
# line of defence only; where the host allows it, keep such files outside the
# web root so that a handler misconfiguration cannot expose them.
<FilesMatch "^(config\.php|notion\.php|auth\.php)$">
  Require all denied
</FilesMatch>

# Block the cache directory: any request whose path (relative to this
# directory) starts with "cache/" is answered with 403 Forbidden.
# [F] already implies [L]; the match is case-sensitive.
# NOTE(review): mod_rewrite rules are not inherited by a subdirectory whose own
# .htaccess configures mod_rewrite (unless RewriteOptions Inherit is used), so a
# .htaccess placed inside cache/ could switch this rule off. A separate
# .htaccess inside cache/ containing "Require all denied" would not depend on
# mod_rewrite — confirm which of the two the deployment relies on.
RewriteEngine On
RewriteRule ^cache/ - [F,L]

# Force HTTPS (uncomment after SSL is active on the subdomain)
# While the two directives at the end of this block stay commented out,
# requests over plain HTTP are served as-is, so anything sent by the browser
# (session cookies, login form data) travels unencrypted.
# NOTE(review): %{HTTP_HOST} is copied from the request's Host header. A stricter
# form redirects to the site's fixed hostname instead, e.g.
#   https://<your-hostname>%{REQUEST_URI}   (placeholder, not a real value)
# NOTE(review): behind a TLS-terminating proxy %{HTTPS} may read "off" for every
# request and cause a redirect loop — verify on the host before enabling.
# RewriteCond %{HTTPS} off
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Sensible defaults
# -Indexes turns off automatic directory listings, so a directory without an
# index file returns 403 instead of revealing its file names.
# It does not restrict access to a file whose URL is already known.
Options -Indexes
# Only index.php is tried when a directory URL is requested.
DirectoryIndex index.php

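# Basic security headers
# "always" adds each header to error responses and redirects as well (for
# example the 403 returned for a denied file); without it mod_headers only
# touches successful responses.
# NOTE(review): if the PHP application sends any of these headers itself, the
# response may carry the header twice — check a live response after deploying.
# NOTE(review): if mod_headers is not loaded, this whole block is skipped
# silently and no security headers are sent.
<IfModule mod_headers.c>
  # Stop browsers from guessing a content type different from the declared one.
  Header always set X-Content-Type-Options "nosniff"
  # Allow framing by same-origin pages only (clickjacking mitigation).
  # CSP "frame-ancestors 'self'" is the current-standard equivalent.
  Header always set X-Frame-Options "SAMEORIGIN"
  # Send the Referer header on same-origin requests only.
  Header always set Referrer-Policy "same-origin"
</IfModule>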
