# ── Bloquer accès direct aux fichiers sensibles ──────────────────
<FilesMatch "^(config|functions|send_bet_email|cron_|init_|debug_|fix_).*\.php$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Bloquer l'accès aux fichiers backup et temporaires
<FilesMatch "\.(bak|old|tmp|log|sql|env|ini|sh)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# ── Cacher les erreurs PHP au navigateur ─────────────────────────
php_flag display_errors Off
php_flag log_errors On
php_value error_log /home/jetegage/logs/php_errors.log

# ── Sécurité HTTP headers ─────────────────────────────────────────
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"

# ── Bloquer listing des répertoires ──────────────────────────────
Options -Indexes

# ── Forcer HTTPS ─────────────────────────────────────────────────
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
