# Project Planner - Apache Configuration
# Security and Performance Settings

# Turn off auto-generated directory listings and allow symbolic links to be
# followed. Per-directory mod_rewrite rules only run when FollowSymLinks (or
# SymLinksIfOwnerMatch) is enabled for the directory.
Options -Indexes +FollowSymLinks

# Enable URL rewriting (the whole section is skipped when mod_rewrite is not loaded)
<IfModule mod_rewrite.c>
    RewriteEngine On
    # URL prefix used for relative substitutions in this per-directory context
    RewriteBase /project-planner/
    
    # Force HTTPS (uncomment once a TLS certificate is installed)
    # NOTE(review): the PHP section of this file sets session.cookie_secure to 1,
    # so over plain HTTP the browser will not send the session cookie back.
    # Deployments that rely on those session settings need this redirect enabled.
    # RewriteCond %{HTTPS} off
    # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    # Redirect www to non-www (this example strips a leading "www.")
    # NOTE(review): in a per-directory file $1 is the path with the directory
    # prefix removed, so the target below would lose /project-planner/;
    # %{REQUEST_URI} keeps the full path. Verify before enabling.
    # RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    # RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
</IfModule>

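# Deny direct HTTP access to files that hold credentials, schema details or
# deployment notes. error_log.txt is listed because the PHP section of this
# file writes its error log under that relative name, which can place the log
# inside the web root. The .htaccess entry overlaps with the hidden-file rule
# and is kept so this list stays self-explanatory.
#
# "Require all denied" is the Apache 2.4 syntax (mod_authz_core). The
# Order/Deny pair is the 2.2 syntax and fails with a 500 on a 2.4 server that
# does not load mod_access_compat, so each form is guarded by its module.
<FilesMatch "^(config\.php|database_schema\.sql|\.htaccess|INSTALLATION\.txt|error_log\.txt)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>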

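# Deny access to hidden files (names starting with a dot).
# FilesMatch tests only the final file name, so on its own it does not cover
# ordinary files stored inside a dot-directory such as .git/config.
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# Cover the dot-directory case: refuse any URL whose path contains a segment
# starting with ".". The .well-known/ prefix stays reachable because
# certificate validation and similar services depend on it.
<IfModule mod_alias.c>
    RedirectMatch 403 "/\.(?!well-known/)"
</IfModule>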

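# Security headers.
# "always" also attaches the header to error and redirect responses; a plain
# "Header set" is applied to successful responses only, which would leave the
# 403/404/500 pages without these protections.
<IfModule mod_headers.c>
    # Prevent clickjacking: only pages from the same origin may frame this site
    Header always set X-Frame-Options "SAMEORIGIN"

    # Stop browsers from guessing a content type other than the declared one
    Header always set X-Content-Type-Options "nosniff"

    # Legacy XSS filter switch. Current browsers no longer ship the filter, so
    # this header is not a substitute for output encoding and a
    # Content-Security-Policy.
    Header always set X-XSS-Protection "1; mode=block"

    # Send only the origin on cross-origin requests
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Hide the PHP version banner (both header tables are cleared)
    Header unset X-Powered-By
    Header always unset X-Powered-By

    # NOTE(review): Apache writes the Server header itself after mod_headers
    # has run, so this line normally has no effect. Reducing the banner needs
    # "ServerTokens Prod" in the main server configuration, which cannot be
    # set from .htaccess.
    Header unset Server
</IfModule>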

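# PHP configuration. It applies only where PHP runs as an Apache module and the
# host permits php_value/php_flag in .htaccess. Under PHP-FPM or CGI neither
# section below matches and none of these settings take effect; set them in
# php.ini or .user.ini instead.
#
# The module identifier is mod_php7.c for PHP 7 and mod_php.c for PHP 8, so the
# same settings are listed once per identifier. Keep the two sections in sync.
#
# Not carried over from the earlier version of this section:
#   expose_php                          - php.ini-only setting, cannot be
#                                         changed per directory
#   register_globals, magic_quotes_gpc  - removed in PHP 5.4, absent in PHP 7+
#
# error_log uses a relative name, so the log can end up inside the web root.
# Prefer an absolute path outside the document root, and keep error_log.txt
# blocked from HTTP access for as long as the relative name is used.
#
# session.cookie_secure makes browsers send the session cookie over HTTPS only.
# The site must be served over HTTPS or logins will not persist.

<IfModule mod_php7.c>
    # Upload and resource limits
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value max_input_time 300
    php_value memory_limit 128M

    # Keep error details out of responses; log them instead
    php_flag display_errors Off
    php_flag log_errors On
    php_value error_log error_log.txt

    # Session hardening: no script access to the cookie, HTTPS only, no session
    # IDs in URLs, and no acceptance of IDs the server did not issue
    php_value session.cookie_httponly 1
    php_value session.cookie_secure 1
    php_value session.use_only_cookies 1
    php_value session.use_strict_mode 1
</IfModule>

<IfModule mod_php.c>
    # Upload and resource limits
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value max_input_time 300
    php_value memory_limit 128M

    # Keep error details out of responses; log them instead
    php_flag display_errors Off
    php_flag log_errors On
    php_value error_log error_log.txt

    # Session hardening: no script access to the cookie, HTTPS only, no session
    # IDs in URLs, and no acceptance of IDs the server did not issue
    php_value session.cookie_httponly 1
    php_value session.cookie_secure 1
    php_value session.use_only_cookies 1
    php_value session.use_strict_mode 1
</IfModule>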

# Compress text-based responses when mod_deflate is loaded.
# NOTE(review): compressing HTTPS responses that contain both a secret (for
# example a CSRF token) and data reflected from the request is the condition
# BREACH-style attacks rely on. Confirm that the application's token handling
# accounts for this.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml
    AddOutputFilterByType DEFLATE text/css text/javascript
    AddOutputFilterByType DEFLATE application/javascript application/json
</IfModule>

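# Browser caching.
# ExpiresDefault applies to every response that has no Expires header of its
# own, including PHP-generated pages. HTML and JSON are therefore pinned to
# "0 seconds" so that per-user application output is not kept for a week by
# browsers or intermediate caches. Static assets keep their long lifetimes.
<IfModule mod_expires.c>
    ExpiresActive On

    # Dynamic documents and API responses: always revalidate
    ExpiresByType text/html "access plus 0 seconds"
    ExpiresByType application/json "access plus 0 seconds"

    # Images
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"

    # CSS and JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"

    # Fonts
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType application/font-woff2 "access plus 1 year"

    # Everything not listed above
    ExpiresDefault "access plus 1 week"
</IfModule>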

# Application-supplied error pages, listed by status code.
# The targets are local URL paths under /project-planner/, the same prefix as
# RewriteBase; update both together if the application is moved.
ErrorDocument 403 /project-planner/403.php
ErrorDocument 404 /project-planner/404.php
ErrorDocument 500 /project-planner/500.php

# Protect the uploads directory: create a separate .htaccess file inside uploads/.
# See INSTALLATION.txt for details.
