# Video API Security Rules

# Disable directory listing, so a directory without an index file returns an
# error instead of an auto-generated list of its contents.
# Note: this directive is only accepted in .htaccess when the server
# configuration permits Options overrides for this directory.
Options -Indexes

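# Protect sensitive files: refuse direct HTTP access to database files, logs,
# JSON data and Markdown notes stored under this directory.
# The pattern is tested against the name of the file being served and is
# case-sensitive as written.
<FilesMatch "\.(db|sqlite|sqlite3|log|json|md)$">
    # Apache 2.4+: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. On 2.4 the old Order/Deny directives exist only when
    # mod_access_compat is loaded; without it they abort the request with a 500.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>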

# Enable error pages (optional)
# ErrorDocument 404 /404.php
# ErrorDocument 403 /403.php

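# Enable CORS for API (allow cross-origin requests).
# "always" attaches the headers to every response, including error responses
# and the short-circuited OPTIONS preflight reply; plain "Header set" only
# covers the success path, which can make API errors show up in browsers as
# CORS failures.
# NOTE(review): if the application also emits these headers itself, keep only
# one source, otherwise the response may carry duplicates.
<IfModule mod_headers.c>
    # Wildcard origin: scripts on any website may call this API from a browser.
    # Browsers will not attach cookies with "*", but any page holding a valid
    # X-API-Key or Authorization value can still use it from any origin.
    # In production replace * with the exact origin(s) that need access, and
    # add "Vary: Origin" if the value is chosen per request.
    Header always set Access-Control-Allow-Origin "*"
    # Methods and request headers a cross-origin caller is allowed to use.
    Header always set Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Headers "X-API-Key, Content-Type, Authorization"
    # Browsers may cache the preflight result for up to one hour.
    Header always set Access-Control-Max-Age "3600"
</IfModule>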

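# Handle preflight OPTIONS requests: reply with a bare 200 so the preflight
# never reaches the application. The rule matches every path under this
# directory, so any OPTIONS request is answered this way.
# Guarded by IfModule so a server without mod_rewrite does not fail every
# request with a 500 on the unknown directives.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    # A non-3xx status on the R flag stops rewriting and returns that status.
    RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>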

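# Security Headers
# "always" makes the headers apply to error responses as well as successful
# ones; with plain "Header set" server-generated error pages go out without them.
<IfModule mod_headers.c>
    # Stop browsers from guessing a content type other than the declared one.
    Header always set X-Content-Type-Options "nosniff"
    # Only pages from the same origin may frame responses from this directory.
    Header always set X-Frame-Options "SAMEORIGIN"
    # Legacy header: modern browsers have removed the filter it controlled.
    # Kept for old clients; a Content-Security-Policy is the supported control.
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>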

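# Prevent access to hidden files (names starting with ".") and editor backup
# files (names ending with "~").
# NOTE(review): FilesMatch tests only the final file name, so files inside a
# dot-directory (for example version-control metadata) are not covered by
# this rule - confirm such directories are kept out of the web root or are
# blocked elsewhere.
<FilesMatch "^\.|~$">
    # Apache 2.4+: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. On 2.4 the old Order/Deny directives exist only when
    # mod_access_compat is loaded; without it they abort the request with a 500.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>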

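# PHP Security Settings: never print PHP errors to API clients (they can reveal
# paths, queries and configuration); write them to a log file instead.
# php_flag/php_value are only available when PHP runs as an Apache module, and
# the module identifier depends on the PHP major version, so the same settings
# are repeated for each name. Without the second section a PHP 8 server would
# skip them silently and fall back to its php.ini defaults.
# Under PHP-FPM or CGI neither section applies: set these in php.ini or
# .user.ini instead.
# error_log below is a placeholder: replace it with an absolute path outside
# the web root that the server user can write to.

# PHP 7 (mod_php7.c)
<IfModule mod_php7.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value error_log /path/to/php-error.log
</IfModule>

# PHP 8+ (mod_php.c)
<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag log_errors On
    php_value error_log /path/to/php-error.log
</IfModule>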
