# Apache Configuration for Newsroom Reporter

# Enable rewrite engine
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
</IfModule>

# Security Headers
<IfModule mod_headers.c>
    # Prevent clickjacking
    Header set X-Frame-Options "SAMEORIGIN"

    # XSS Protection
    Header set X-XSS-Protection "1; mode=block"

    # Prevent MIME sniffing
    Header set X-Content-Type-Options "nosniff"

    # Referrer Policy
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# PHP Settings
<IfModule mod_php.c>
    # Increase execution time for long-running reports
    php_value max_execution_time 600
    php_value memory_limit 512M

    # Disable output buffering for streaming
    php_flag output_buffering Off
    php_flag implicit_flush On

    # Session settings
    php_value session.gc_maxlifetime 3600
    php_value session.cookie_lifetime 3600
</IfModule>

# Directory Protection
<FilesMatch "\.(env|json|log|md)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Protect sensitive files
<FilesMatch "^(\.env|\.htaccess|config\.php|env_loader\.php)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Default document
DirectoryIndex index.php

# Error pages (optional)
ErrorDocument 404 /index.php
ErrorDocument 403 /index.php
