# Gunakan index.php sebagai halaman default (hindari "Index of /...")
DirectoryIndex index.php index.html

# Sembunyikan listing folder jika AllowOverride mengizinkan
Options -Indexes

# ----------------------------
# Production hardening (shared hosting / cPanel)
# - Blok akses web ke file installer/setup/seed & SQL migration
# - Blok akses langsung ke direktori sensitif
# - Jangan mengandalkan ini saja: tetap hapus file setup setelah selesai instalasi
# ----------------------------

# Apache 2.4+
<IfModule mod_authz_core.c>
    <FilesMatch "^(setup_database\.php|install\.php|seed_super_admin_once\.php|saas_schema\.php)$">
        Require all denied
    </FilesMatch>

    <FilesMatch "\.(sql|sqlite|db|bak|old|log|sh|bat)$">
        Require all denied
    </FilesMatch>
</IfModule>

# Apache 2.2 fallback
<IfModule !mod_authz_core.c>
    <FilesMatch "^(setup_database\.php|install\.php|seed_super_admin_once\.php|saas_schema\.php)$">
        Order deny,allow
        Deny from all
    </FilesMatch>

    <FilesMatch "\.(sql|sqlite|db|bak|old|log|sh|bat)$">
        Order deny,allow
        Deny from all
    </FilesMatch>
</IfModule>

# ----------------------------
# (Opsional) Paksa HTTPS di produksi.
# Aktifkan blok berikut hanya di server yang sudah punya SSL/HTTPS:
#
# <IfModule mod_rewrite.c>
#     RewriteEngine On
#     RewriteCond %{HTTPS} off
#     RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# </IfModule>
# ----------------------------
