# Security for Newsroom Reporter Root Directory
# Protect sensitive files but allow web/ subdirectory access

# Disable directory listing
Options -Indexes

# Protect sensitive files
<FilesMatch "\.(env|json|py)$">
    Require all denied
</FilesMatch>

# Protect Python scripts
<FilesMatch "^.*\.py$">
    Require all denied
</FilesMatch>

# Protect specific sensitive files
<Files "service_account.json">
    Require all denied
</Files>

<Files ".env">
    Require all denied
</Files>

<Files "config.py">
    Require all denied
</Files>

# Block markdown/text files
<FilesMatch "\.(md|txt)$">
    Require all denied
</FilesMatch>

# Allow access to web/ subdirectory
# (handled by web/.htaccess)
