# Employee QR Code Attendance System
# Apache Configuration for Shared Hosting

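# Enable the rewrite engine.
# Guarded with IfModule so that a host without mod_rewrite skips the
# directive instead of rejecting the whole .htaccess with a 500 error.
# No RewriteCond/RewriteRule follows in this file, so this only switches
# the engine on for rules added later.
<IfModule mod_rewrite.c>
    RewriteEngine On
</IfModule>

# Prevent directory listing: a directory without an index file answers
# 403 instead of an auto-generated list of its contents.
# Needs the host to permit Options in .htaccess (AllowOverride Options/All).
Options -Indexes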

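# Security headers.
# "always" also attaches the header to error and redirect responses
# (403/404/3xx); plain "Header set" covers successful responses only,
# which would leave the custom error pages without these protections.
# If mod_headers is not loaded, none of these headers are sent and no
# error is raised, so verify them in a real response after deployment.
# NOTE(review): if the PHP code sends any of these headers itself, check
# the responses for duplicated headers.
<IfModule mod_headers.c>
    # Tell browsers to honour the declared Content-Type and not sniff it.
    Header always set X-Content-Type-Options "nosniff"
    # Allow framing by pages of the same origin only (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Legacy header: current browsers have removed the XSS filter it
    # controlled and ignore it. It does not replace output encoding or a
    # Content-Security-Policy, and this file sets no CSP.
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>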

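# Protect config files: refuse direct HTTP requests for these PHP files.
# The pattern is tested against the file name only, so it applies to a
# db.php, auth.php or qr.php in this directory and in every subdirectory.
# PHP include/require reads the files from disk and is not affected.
# Only these three names are covered; any other file that holds
# credentials or secrets needs its own entry or a location outside the
# web root.
<FilesMatch "^(db\.php|auth\.php|qr\.php)$">
    # Apache 2.4 and later: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy syntax. On 2.4 these directives only exist when
    # mod_access_compat is loaded; without it they cause a 500 error.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>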

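# PHP session settings (if allowed).
# These take effect only when PHP runs as an Apache module and the host
# permits php_value in .htaccess. Under CGI/FastCGI/FPM neither block
# below matches and nothing is applied, silently; set the same values in
# php.ini or .user.ini there.
# PHP 7 registers as mod_php7.c and PHP 8 as mod_php.c, so both are
# listed; guarding on mod_php7.c alone drops the settings on PHP 8.
#
# session.cookie_httponly 1  - session cookie is not readable from JavaScript.
# session.cookie_secure 0    - session cookie is also sent over plain HTTP,
#                              where it can be captured in transit. Set to 1
#                              once the site is served over HTTPS only.
# session.use_strict_mode 1  - session IDs not issued by the server are
#                              rejected (session fixation defence).
<IfModule mod_php7.c>
    php_value session.cookie_httponly 1
    php_value session.cookie_secure 0
    php_value session.use_strict_mode 1
</IfModule>
<IfModule mod_php.c>
    php_value session.cookie_httponly 1
    php_value session.cookie_secure 0
    php_value session.use_strict_mode 1
</IfModule>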

# Error Pages (optional)
# Serve custom pages for "not found" and "forbidden" responses. 403 is
# what requests for the denied PHP files and for index-less directories
# receive.
# Both paths start with "/", so they are resolved from the site's
# document root, not from the directory holding this file; adjust them
# if the application is installed in a subfolder.
# NOTE(review): 404.html and 403.html are not visible from here; confirm
# both exist and are themselves reachable.
ErrorDocument 404 /404.html
ErrorDocument 403 /403.html
