initial commit

Signed-off-by: ale <ale@manalejandro.com>
2025-09-23 22:57:23 +02:00
commit 0f008b41b2
--- a/.htaccess
+++ b/.htaccess
@@ -0,0 +1,52 @@
+# AleShell .htaccess Configuration
+# This file helps with URL routing and security
+
+# Enable URL rewriting
+RewriteEngine On
+
+# Security Headers
+<IfModule mod_headers.c>
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-Frame-Options DENY
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+</IfModule>
+
+# Prevent access to sensitive files
+<FilesMatch "\.(md|json|lock|yml|yaml|xml|log)$">
+    Require all denied
+</FilesMatch>
+
+# Protect src directory - Alternative method for .htaccess
+RewriteRule ^src/ - [F,L]
+
+# API and Auth routing
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(api|auth)/(.*)$ index.php/$1/$2 [L,QSA]
+
+# General routing for non-existent files
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ index.php/$1 [L,QSA]
+
+# Disable server signature
+ServerSignature Off
+
+# Prevent directory browsing
+Options -Indexes
+
+# Cache static files
+<IfModule mod_expires.c>
+    ExpiresActive On
+    ExpiresByType text/css "access plus 1 month"
+    ExpiresByType application/javascript "access plus 1 month"
+    ExpiresByType image/png "access plus 1 month"
+    ExpiresByType image/jpg "access plus 1 month"
+    ExpiresByType image/jpeg "access plus 1 month"
+    ExpiresByType image/gif "access plus 1 month"
+    ExpiresByType image/ico "access plus 1 month"
+    ExpiresByType image/icon "access plus 1 month"
+    ExpiresByType text/ico "access plus 1 month"
+    ExpiresByType image/x-icon "access plus 1 month"
+</IfModule>