# .htaccess for reports
# Generated: 2025-10-30 14:53:53
# Security configuration for tenant upload directory
############################################################

# Prevent directory listing
# "Options -Indexes" turns off the auto-generated listing, and
# "DirectoryIndex disabled" stops mod_dir from searching for an index file,
# so an uploaded index.html or index.php is never served implicitly for the
# directory URL.
Options -Indexes
DirectoryIndex disabled

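# Disable PHP execution in upload directories
# Prevents uploaded PHP files from being executed
# php_flag is provided by mod_php only. Outside an <IfModule> guard it is an
# unknown directive on a server without mod_php, and every request to this
# directory then fails with a 500. One guard per mod_php generation (PHP 8,
# 7 and 5 register different module names).
# NOTE(review): when PHP runs through PHP-FPM/FastCGI this flag has no effect;
# on such servers the <FilesMatch> deny rule for PHP files is the only
# protection in this file.
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>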

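# Block PHP files (defence in depth next to "php_flag engine off")
# The original pattern "\.php$" missed upper-case names (shell.PHP) and the
# other extensions commonly mapped to the PHP handler. This pattern is
# case-insensitive, covers .php, .php5/.php7, .phps, .phtml, .pht and .phar,
# and also matches when the PHP extension is followed by another one
# (name.php.jpg), which an AddHandler-based PHP mapping treats as PHP.
# NOTE(review): sections are merged in file order, so a later section that
# grants access by final extension (for example name.php.pdf) overrides this
# deny; rely on the handler being off, not on this rule alone.
# NOTE(review): Order/Deny are Apache 2.2 directives; on 2.4 they need
# mod_access_compat to be loaded.
<FilesMatch "(?i)\.(php[0-9]*|phps|phtml|pht|phar)(\.|$)">
    Order Deny,Allow
    Deny from all
</FilesMatch>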

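# Allow only safe file types
# Allowed: pdf, xlsx, csv, html
# The allow rule on its own restricts nothing: a file with any other
# extension does not match it and stays under whatever the parent
# configuration permits. The first section adds the missing default deny;
# the second re-allows the listed types. Sections merge in file order, so the
# allow rule must stay after the deny-all rule.
# NOTE(review): extensions named elsewhere in this file (doc, docx, xls, jpg,
# jpeg, png, gif, webp) are not on the list and are refused; add them here if
# this directory is meant to serve them.
# NOTE(review): html is rendered inline. If this directory shares an origin
# with the application, a tenant-supplied .html file can run script in that
# origin (stored XSS). Confirm that only application-generated HTML is
# written here, or serve it as a download or from a separate origin.
<FilesMatch ".+">
    Order Allow,Deny
    Deny from all
</FilesMatch>
<FilesMatch "\.(pdf|xlsx|csv|html)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>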

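# Force download for documents
# Header is a mod_headers directive. It is guarded here in the same way as
# the security headers section, so a server without mod_headers does not
# answer every request to this directory with a 500.
# NOTE(review): without mod_headers the attachment disposition is silently
# not sent; verify the module is loaded in production.
# NOTE(review): csv and html are on the allowed list but not in this pattern,
# so the browser handles them inline.
<IfModule mod_headers.c>
    <FilesMatch "\.(pdf|doc|docx|xls|xlsx)$">
        Header set Content-Disposition "attachment"
    </FilesMatch>
</IfModule>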

# Security headers
# Sent only when mod_headers is loaded; without it the section is skipped
# silently and none of these headers are emitted.
# NOTE(review): "Header set" without the "always" condition applies to
# successful responses only; error responses generated by Apache (403, 404)
# do not carry these headers.
<IfModule mod_headers.c>
    # Stops browsers from guessing a content type different from the one sent.
    Header set X-Content-Type-Options "nosniff"
    # Allows framing by pages of the same origin only.
    Header set X-Frame-Options "SAMEORIGIN"
    # NOTE(review): legacy header; current browsers have removed the XSS
    # filter it controlled, so it should not be counted as a mitigation.
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

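# Cache control for images
# max-age=2592000 is 30 days. Header is a mod_headers directive; it is
# guarded here in the same way as the security headers section, so a server
# without mod_headers does not answer every request with a 500.
# NOTE(review): "public" lets shared caches (proxies, CDNs) store the
# response. For tenant uploads that are meant to be access-controlled,
# confirm that shared caching is acceptable; "private" limits storage to the
# requesting browser.
<IfModule mod_headers.c>
    <FilesMatch "\.(jpg|jpeg|png|gif|webp)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>
</IfModule>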

# Deny access to hidden files
# Matches any file whose name starts with a dot and has at least one more
# character (.htaccess, .env, ...). With "Order Deny,Allow" and no Allow
# directive, "Deny from all" refuses every client.
# NOTE(review): <FilesMatch> tests the file's base name only, so files
# inside a dot-directory (for example .git/config) are not matched by this
# rule.
# NOTE(review): Order/Deny are Apache 2.2 directives; on 2.4 they need
# mod_access_compat to be loaded.
<FilesMatch "^\..+$">
    Order Deny,Allow
    Deny from all
</FilesMatch>
