# AleShell .htaccess Configuration
# This file helps with URL routing and security
# Enable URL rewriting
RewriteEngine On
# Security Headers
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options DENY
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Prevent access to sensitive files
Require all denied
# Protect src directory - Alternative method for .htaccess
RewriteRule ^src/ - [F,L]
# API and Auth routing
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(api|auth)/(.*)$ index.php/$1/$2 [L,QSA]
# General routing for non-existent files
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
# Disable server signature
ServerSignature Off
# Prevent directory browsing
Options -Indexes
# Cache static files
ExpiresActive On
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/icon "access plus 1 month"
ExpiresByType text/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"