Options -Indexes
Options -MultiViews

# ── Block direct access to sensitive folders ───────────────────────────────────
RedirectMatch 403 ^/src/
RedirectMatch 403 ^/config/
RedirectMatch 403 ^/logs/
RedirectMatch 403 ^/cron/

# ── Block sensitive file types ─────────────────────────────────────────────────
<FilesMatch "\.(env|log|sql|json|md|lock|gitignore|sh)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# ── Security headers ───────────────────────────────────────────────────────────
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>

# ── PHP settings (cPanel shared hosting compatible) ────────────────────────────
<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value max_execution_time 30
    php_value memory_limit 128M
</IfModule>
<IfModule mod_php8.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value max_execution_time 30
    php_value memory_limit 128M
</IfModule>