# Force PHP 8.1 for entire project
<IfModule mime_module>
    AddHandler application/x-httpd-ea-php81 .php
</IfModule>

# Security - Block access to sensitive files
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

<Files ".env">
    Order allow,deny
    Deny from all
</Files>

<Files "*.sql">
    Order allow,deny
    Deny from all
</Files>

<Files "*.log">
    Order allow,deny
    Deny from all
</Files>

# v27.52: also block backups, docs, and other sensitive file types from web access.
<FilesMatch "\.(bak|backup|old|orig|save|swp|swo|sql|ini|sh|md|yml|yaml|lock|dist|example)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Block access to non-public directories
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Block direct access to sensitive directories
    RewriteRule ^src/ - [F,L]
    RewriteRule ^storage/ - [F,L]
    RewriteRule ^database/ - [F,L]
    RewriteRule ^docs/ - [F,L]
</IfModule>

# Disable directory listing
Options -Indexes


<Files "error_log">
    Order allow,deny
    Deny from all
</Files>

<FilesMatch "(^error_log$|\.(log|sql|env|ini|bak|backup|old|orig|save|swp|swo|md|yml|yaml|lock|dist|example)$)">
    Order allow,deny
    Deny from all
</FilesMatch>
