# Admin Directory Protection
RewriteEngine On

# Deny access to sensitive files
<Files "*.log">
    Deny from all
</Files>

<Files "config.php">
    Deny from all
</Files>

# Optional: IP Whitelist (uncomment and add your IP)
# <RequireAll>
#     Require ip 127.0.0.1
#     Require ip YOUR_OFFICE_IP_HERE
# </RequireAll>

# Security headers
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options DENY
Header always set X-XSS-Protection "1; mode=block"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

# Prevent directory browsing
Options -Indexes
