# Security response headers.
# Applied only when mod_headers is loaded; if the module is missing, the block is
# skipped without an error and none of these headers are sent.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response away from its declared Content-Type.
    Header always set X-Content-Type-Options "nosniff"
    # Refuse to be rendered inside a frame on any origin (clickjacking defence).
    Header always set X-Frame-Options "DENY"
    # Legacy XSS-filter switch. Most current browsers no longer implement the filter it
    # controls, so output encoding and a Content-Security-Policy remain the real XSS control.
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>

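# Prevent access to sensitive files.
# Apache 2.4 authorises with "Require" (mod_authz_core). The 2.2 "Order/Deny" form is
# kept as a fallback only: on 2.4 it needs mod_access_compat, and without that module the
# old directives make every request to this directory fail with a server error.
# These rules are a second line of defence; where possible keep configuration files,
# SQL dumps and logs outside the document root.
<Files "config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

<Files "*.sql">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

<Files "*.log">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>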

# Prevent directory listing
# (in an .htaccess file this needs "AllowOverride Options" or broader for the directory;
# otherwise Apache rejects the directive)
Options -Indexes

# URL Rewriting (if needed)
# No rewrite rule is active below; the only rules present are the commented-out HTTPS redirect.
RewriteEngine On

# Force HTTPS (uncomment in production)
# Until this is enabled, the site is also served over plain HTTP.
# NOTE(review): %{HTTP_HOST} is taken from the request's Host header, so the redirect
# target follows whatever host name the client sent; consider a fixed canonical host name.
# NOTE(review): behind a TLS-terminating proxy %{HTTPS} may always read "off", which
# would make this rule loop; confirm against the deployment before enabling.
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Webhook URL (no rewriting needed for webhook.php)
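# Prevent direct access to uploaded files
# NOTE(review): this deny rule is not wrapped in <Files>/<FilesMatch>, so it applies to
# every request under the directory that holds this .htaccess. That suits a dedicated
# uploads directory. If this file sits in the web root next to webhook.php, it also denies
# webhook.php and every other page; confirm which directory this section is deployed to.
# Apache 2.4 syntax comes first; the 2.2 form is a fallback (on 2.4 it needs mod_access_compat).
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# Allow the listed upload types to be fetched only from the local host (adjust as needed).
# The rule matches on client IP address, not on a domain name, and covers IPv4 loopback only.
# NOTE(review): if Apache sits behind a reverse proxy on the same machine, every client
# can appear as 127.0.0.1 unless the real client address is restored (e.g. mod_remoteip),
# which would open these files to all visitors; verify before relying on this rule.
<FilesMatch "\.(pdf|zip|rar|doc|docx|xls|xlsx|jpg|jpeg|png|mp4|mp3)$">
    <IfModule mod_authz_core.c>
        Require ip 127.0.0.1
        # Require ip your-server-ip (if needed for bot)
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        # Allow from your-server-ip (if needed for bot)
    </IfModule>
</FilesMatch>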