# .htaccess for ensi.lk API

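# Enable error reporting for debugging only. display_errors writes PHP errors
# (file paths, query fragments, stack details) into API responses, so keep
# these lines commented out in production and log errors server-side instead.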
# php_flag display_errors on
# php_value error_reporting E_ALL

# Disable directory listing: a directory without an index file returns 403
# instead of an auto-generated list of its contents.
# NOTE(review): this only takes effect if the server's AllowOverride permits
# Options in .htaccess; confirm against the vhost configuration.
Options -Indexes

# Enable CORS
# These headers are added only when mod_headers is loaded; without it the
# block is skipped silently and browsers will reject cross-origin calls.
<IfModule mod_headers.c>
    # "*" lets script running on any origin read this API's responses.
    # NOTE(review): if only known front-ends should call the API, replace the
    # wildcard with the specific origin(s). Endpoints that rely on network
    # location rather than a token are the ones most exposed by the wildcard.
    Header set Access-Control-Allow-Origin "*"
    # Methods a preflight response advertises as allowed cross-origin.
    Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"
    # Authorization is allowed cross-origin, so credentials travel in request
    # headers; this only makes sense once the HTTPS redirect in this file is enabled.
    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
    # NOTE(review): "Header set" without the "always" condition is not applied
    # to server-generated error responses, so failed requests may surface in
    # browsers as CORS errors rather than the real status; verify if that matters.
</IfModule>

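# Force HTTPS (uncomment when SSL is configured).
# Until this is enabled, Authorization headers and request bodies sent to the
# API travel in cleartext over plain HTTP.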
# RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

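# Protect sensitive files: refuse direct HTTP requests for the PHP config and
# for this file. This matters most if the PHP handler is ever disabled or
# misconfigured, because config.php would then be served as plain source.
# NOTE(review): the pattern is anchored, so copies such as config.php.bak or
# config.php~ are not covered; keep backups out of the web root.
<FilesMatch "^(config\.php|\.htaccess)$">
    # Apache 2.4+: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. Order/Deny are only available through
    # mod_access_compat on 2.4; without that module they are rejected and
    # every request to this directory fails with a 500.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>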

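# Protect log files: refuse direct HTTP requests for any *.log or *.txt file,
# so application logs written under the web root cannot be downloaded.
# NOTE(review): this also blocks robots.txt and any other .txt file, and the
# match is case-sensitive (e.g. ERROR.LOG is not covered); confirm both are intended.
<FilesMatch "\.(log|txt)$">
    # Apache 2.4+: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. Order/Deny are only available through
    # mod_access_compat on 2.4; without that module they are rejected and
    # every request to this directory fails with a 500.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>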

# Set the default response charset to UTF-8.
# AddDefaultCharset only adds a charset to text/plain and text/html responses
# that do not declare one; it is not specific to PHP files, and JSON responses
# must set their own Content-Type/charset in the application.
AddDefaultCharset UTF-8

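# Prevent access to hidden files: refuse direct HTTP requests for any file
# whose name starts with a dot (.env, .htpasswd, .gitignore, ...).
# NOTE(review): FilesMatch tests the file name only, not the directory path,
# so files inside a dot-directory (for example a VCS metadata directory) are
# not covered by this rule; keep such directories out of the web root or
# block them by URL path in the server configuration.
<FilesMatch "^\.">
    # Apache 2.4+: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. Order/Deny are only available through
    # mod_access_compat on 2.4; without that module they are rejected and
    # every request to this directory fails with a 500.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>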

# Increase upload size if needed
# These limits cap the request body PHP will accept; keep them as low as the
# API actually requires, since every accepted byte is buffered by the server.
# NOTE(review): php_value is only recognised when PHP runs as an Apache module;
# under PHP-FPM/CGI Apache rejects it and requests fail with a 500. Confirm
# which SAPI this host uses (a .user.ini or pool config is the alternative).
php_value upload_max_filesize 10M
# post_max_size covers the whole request body, including multipart overhead,
# so with both set to 10M a file of exactly 10M will not fit.
# NOTE(review): PHP recommends post_max_size be larger than upload_max_filesize.
php_value post_max_size 10M

# Set the default timezone PHP uses for date/time functions.
# Timestamps the application writes (for example in logs) follow this zone
# unless the code converts them; account for it when correlating with logs
# from other systems.
# NOTE(review): php_value requires PHP to run as an Apache module; confirm the SAPI.
php_value date.timezone "Asia/Colombo"
