# Disable automatic directory listings: a request for a directory that has
# no index file is refused instead of showing the directory contents.
Options -Indexes

# Refuse direct HTTP access to .json data files.
# The rule applies to every file whose name ends in ".json" in this directory
# and below, not only to the data folder. The pattern is case-sensitive.
# NOTE(review): keeping the data files outside the document root would remove
# the dependency on this rule being honoured (AllowOverride) - confirm with
# the deployment.
<FilesMatch "\.json$">
    # Apache 2.2 access-control syntax, used when mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
    # Apache 2.4+ syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</FilesMatch>

# Serve login.php when a directory itself is requested, so that it is the
# landing page.
DirectoryIndex login.php

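# Additional hardening: response headers (only applied when mod_headers is loaded).
<IfModule mod_headers.c>
    # Prevent MIME sniffing. "always" also covers Apache-generated error
    # responses (such as the 403s returned for the files denied in this
    # file), which a plain "Header set" does not touch. The preceding
    # "onsuccess unset" keeps the header from being sent twice when the
    # application already emits it.
    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    # Legacy XSS-filter header. Current browsers no longer implement the
    # filter it controlled, so it only affects old clients; a
    # Content-Security-Policy is the effective control against XSS.
    Header set X-XSS-Protection "1; mode=block"

    # Only allow this site to be framed by pages of the same origin
    # (clickjacking defence). Same "always" / "onsuccess unset" pattern as above.
    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    # Disable caching of responses by browsers and intermediaries.
    # Pragma and Expires are the HTTP/1.0 equivalents of Cache-Control.
    Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
    Header set Pragma "no-cache"
    Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT"
</IfModule>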

# Refuse direct HTTP requests for internal PHP files.
# The anchored pattern matches exactly these three file names, in this
# directory and below. Only requests made over HTTP are affected.
<FilesMatch "^(config|functions|session_check)\.php$">
    # Apache 2.2 access-control syntax, used when mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
    # Apache 2.4+ syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</FilesMatch>

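# Deny all direct access to .json files. This does not redirect to the login
# page: the request is refused with 403. It has the same effect as the .json
# rule earlier in this file.
# The Apache 2.2 directives are guarded like the other rules in this file:
# unguarded "Order"/"Deny" lines make every request fail with a 500 error on
# Apache 2.4 when mod_access_compat is not loaded.
<Files ~ "\.json$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>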