# Security Hardening for Rev. Dr. Sally Julie Armah Memorial Website

# 1. Disable Directory Listing
# Stops users from browsing folders if an index file is missing:
# a request for such a folder is refused instead of answered with an
# auto-generated file list.
# NOTE(review): if this file is deployed as a .htaccess, the server must
# permit it with AllowOverride Options (or All) for this directory tree;
# where overrides are disabled the directive is not honoured. Confirm by
# requesting a folder that has no index file.
Options -Indexes

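# 2. Prevent Direct Access to Sensitive Directories
# Denies all requests to the 'includes' folder.
# NOTE(review): <Directory> is only valid in server or virtual-host
# configuration. If this file is deployed as a .htaccess, Apache rejects the
# section and requests under this directory fail with a 500 error; in that
# case place the deny rule in a .htaccess inside includes/ instead, or move
# includes/ outside the document root.
# NOTE(review): the path below is a local workstation path. It must match the
# real filesystem path of includes/ on the deployed server, otherwise the rule
# matches nothing and the folder stays reachable.
<Directory "/Users/peeaarmah/Projects/Rev. Dr. Sally Julie Armah (Mrs.)/includes">
    # Apache 2.4+: native authorization syntax (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: Order/Deny only work on 2.4 when
    # mod_access_compat is loaded, so they are used only when
    # mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Directory>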

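# 3. Protect Sensitive Files
# Blocks access to common backup, dump, config, script and archive files.
# This is a backstop: such files are best kept outside the document root.
# The pattern does not cover dotfiles (for example .env or a .git folder) or
# editor leftovers such as names ending in "~"; review what is actually
# deployed and extend the list if needed.
# (?i) makes the match case-insensitive. On a case-insensitive filesystem a
# request for "dump.SQL" can be served from "dump.sql", and a lowercase-only
# pattern would let it through.
<FilesMatch "(?i)\.(bak|log|sql|ini|sh|dist|zip|tar|gz)$">
    # Apache 2.4+: native authorization syntax (mod_authz_core).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: Order/Deny only work on 2.4 when
    # mod_access_compat is loaded, so they are used only when
    # mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>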

# 4. Global Security Headers (Backup to PHP headers)
# Applied only when mod_headers is loaded; if the module is missing this
# whole section is skipped silently, so verify the headers in a real response.
# NOTE(review): plain "Header set" uses the default "onsuccess" condition, so
# these headers are not added to error responses (403/404/500 pages). The
# "always" condition covers those, but it works on a separate header table and
# may emit a duplicate next to a header PHP already sent - test before switching.
# NOTE(review): no Content-Security-Policy is set here; it is the current
# control for script injection and framing (frame-ancestors). Confirm whether
# the PHP layer sends one.
<IfModule mod_headers.c>
    # Legacy header: current browsers have removed the XSS auditor and ignore
    # it; it only affects old browsers and is not a substitute for output
    # encoding or a Content-Security-Policy.
    Header set X-XSS-Protection "1; mode=block"
    # Allows framing only by pages of the same origin (clickjacking defence).
    Header set X-Frame-Options "SAMEORIGIN"
    # Tells browsers not to guess a content type other than the declared one.
    Header set X-Content-Type-Options "nosniff"
    # Sends the full URL as referrer to the same origin, only the origin to
    # other sites, and nothing when going from HTTPS to HTTP.
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# 5. Prevent Hotlinking (Optional)
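# Uncomment the following to prevent other sites from embedding your images directly.
# Note: the Referer header is supplied by the client and requests without it are
# allowed, so this limits casual bandwidth use but is not an access control.
# Replace localhost:8000 with the production host name before enabling.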
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?localhost:8000 [NC]
# RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [F]
