# Protect against directory listing
Options -Indexes

# Protect sensitive files
<FilesMatch "^\.env|\.env\.|\.git|\.htaccess|composer\.json|composer\.lock|package\.json|package-lock\.json|phpunit\.xml|README\.md|\.editorconfig|\.styleci\.yml">
    Order allow,deny
    Deny from all
</FilesMatch>

# Protect dot files
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

# Disable access to sensitive directories
RedirectMatch 404 /\.git
RedirectMatch 404 /\.env
RedirectMatch 404 /storage
RedirectMatch 404 /vendor
RedirectMatch 404 /node_modules

# Block access to specific sensitive files
<Files ~ "\.(env|config.js|md|gitignore|gitattributes|lock)$">
    Order allow,deny
    Deny from all
</Files>

# Main rewrite rules
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]

# Additional security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

# Disable server signature
ServerSignature Off

# Prevent access to backup/config/source files
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

# Protect against PHP file execution in uploads directory
<Directory "/path/to/your/uploads">
    <FilesMatch "\.php$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</Directory>

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php8_module>
   php_flag display_errors Off
   php_value max_execution_time 3000
   php_value max_input_time 6000
   php_value max_input_vars 1000
   php_value memory_limit 512M
   php_value post_max_size 100M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php83"
   php_value upload_max_filesize 100M
   php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
   php_flag display_errors Off
   php_value max_execution_time 3000
   php_value max_input_time 6000
   php_value max_input_vars 1000
   php_value memory_limit 512M
   php_value post_max_size 100M
   php_value session.gc_maxlifetime 1440
   php_value session.save_path "/var/cpanel/php/sessions/ea-php83"
   php_value upload_max_filesize 100M
   php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php83” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php83___lsphp .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
