# Apache Configuration for Newsroom Reporter Web Interface

# Disable directory listing: a request for a directory that has no index file
# gets a 403 instead of an auto-generated file list.
# NOTE(review): if this file is deployed as a .htaccess, Options needs
# AllowOverride Options and DirectoryIndex needs AllowOverride Indexes (or All)
# in the server config; a directive that is not permitted there makes Apache
# answer with a 500 - confirm against the vhost.
Options -Indexes

# Default document served when a request names a directory.
DirectoryIndex index.php

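# Security headers
# "always" also attaches the headers to error responses (for example the 403s
# produced by the deny rules in this file); a plain "Header set" only covers
# successful responses.
# NOTE(review): "always" writes to a separate header table, so a header the
# application already emits itself can end up duplicated - confirm the PHP
# code does not send these.
<IfModule mod_headers.c>
    # Forbid framing by other origins (clickjacking).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Legacy header: current major browsers no longer ship the XSS filter it
    # controls, so it is no substitute for output encoding and a
    # Content-Security-Policy (none is set in this file).
    Header always set X-XSS-Protection "1; mode=block"
    # Stop browsers from guessing a content type other than the declared one.
    Header always set X-Content-Type-Options "nosniff"
    # Cross-origin requests see only the origin, and nothing on HTTPS -> HTTP.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>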

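# PHP settings for long-running scripts
# Applied only when PHP runs as the Apache module registered as mod_php.c
# (PHP 8); PHP 7 registers as mod_php7.c, and under PHP-FPM/CGI the whole block
# is skipped silently, so the values then have to come from php.ini or
# .user.ini.
<IfModule mod_php.c>
    # These limits apply to every script in this directory, not only the
    # long-running ones; a 600 s / 512M budget per request makes it cheap to
    # tie up workers, so keep the endpoints behind authentication or rate
    # limits.
    php_value max_execution_time 600
    php_value memory_limit 512M
    # Session data becomes eligible for garbage collection after one hour, and
    # the session cookie expires one hour after it is issued.
    php_value session.gc_maxlifetime 3600
    php_value session.cookie_lifetime 3600
    # Keep the session cookie out of reach of page scripts and refuse session
    # ids the server did not issue (session fixation).
    php_flag session.cookie_httponly on
    php_flag session.use_strict_mode on
    # NOTE(review): session.cookie_secure is left unset because this file does
    # not show whether the site is HTTPS-only; enable it if it is.
</IfModule>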

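# Protect sensitive configuration files
# (Require all denied is Apache 2.4 / mod_authz_core syntax.)
# Matches .env and its variants (.env.local, .env.production, ...), which an
# exact <Files ".env"> would let through.
<FilesMatch "^\.env">
    Require all denied
</FilesMatch>

<Files "config.php">
    Require all denied
</Files>

<Files "env_loader.php">
    Require all denied
</Files>
# These rules only stop direct HTTP requests; PHP include/require still reads
# the files from disk.
# NOTE(review): AuthMiddleware.php and JWTValidator.php look like include-only
# files but are not denied here; if nothing requests them directly, deny them
# too or move them, with the files above, outside the document root.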

# Block documentation files: any name ending in .md or .txt.
# NOTE(review): the pattern is case-sensitive (README.MD is not matched) and
# applies to every .txt in this tree, so robots.txt or security.txt placed
# here would be denied as well - confirm that is intended.
<FilesMatch "\.(md|txt)$">
    Require all denied
</FilesMatch>

# Block test/debug files: any .php whose name starts with test, debug or
# simple-index.
# NOTE(review): the prefix match also denies unrelated names (for example a
# hypothetical testimonials.php) and is case-sensitive, so Test.php is not
# matched. Such files are better left out of the deployment than hidden by a
# rule.
<FilesMatch "^(test|debug|simple-index).*\.php$">
    Require all denied
</FilesMatch>

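# Block backup files and editor/merge leftovers
# A copy such as index.php.bak or index.php~ is normally not handled by PHP and
# would be sent back as plain source text, so the common leftover suffixes
# (.orig, .save, vim swap files, trailing ~) are denied along with the
# original list.
<FilesMatch "(\.(old|bak|backup|orig|save|swp|swo|htaccess-old)|~)$">
    Require all denied
</FilesMatch>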

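# Allow these PHP files (main app)
# index.php, auth.php, generate-simple.php, download.php, AuthMiddleware.php, JWTValidator.php
# (implicitly allowed: none of the rules above matches them. The rules in this
#  file form a deny-list, so any other file that is not matched is served too.)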
