# BookGram PHP Embeds - Apache Configuration
# CRITICAL: This directory contains user PHP code - strict security required

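# Deny HTTP requests for any *.php file in this directory, so embed sources
# are never executed or served by requesting their URL.
# Apache 2.4 authorization (mod_authz_core) is used when present; the 2.2
# Order/Deny form is kept only as a fallback, so the rule does not depend on
# mod_access_compat being loaded.
# NOTE: the pattern is case-sensitive and matches only names ending in ".php".
# Other extensions mapped to the PHP handler (e.g. .phtml, .phar) are covered
# only by the directory-wide deny further down in this file.
<FilesMatch "\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>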

# Prevent directory listing: with Indexes off, mod_autoindex does not generate
# a file list for this directory.
# NOTE: "Options" is only accepted in .htaccess when the server configuration
# grants AllowOverride Options (or All); otherwise requests here fail with 500.
Options -Indexes

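# Deny every HTTP request to this directory, whatever the file type.
# Uses Apache 2.4 "Require" when mod_authz_core is available and falls back to
# the 2.2 Order/Deny form otherwise, so the rule does not depend on
# mod_access_compat being loaded.
# NOTE: "Require" in .htaccess needs AllowOverride AuthConfig (Order/Deny need
# Limit). With AllowOverride None this whole file is ignored without any error,
# so confirm the rules are active by requesting a file here and expecting 403.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# These rules restrict HTTP requests only. BookGram's execution endpoint loads
# the files with a PHP include (a filesystem read), which the rules above
# neither permit nor restrict. Included code runs with that endpoint's
# privileges and has to be constrained there, not in this file.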

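# Deny HTTP access to this .htaccess file itself so its rules cannot be read
# by a client. This does not prevent the file from being replaced or modified
# on disk; that depends on filesystem ownership and permissions, and on the
# server's AllowOverride setting.
<Files ".htaccess">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>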

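# Security headers (applied only when mod_headers is loaded; needs
# AllowOverride FileInfo to be accepted in .htaccess).
# Every request to this directory is denied, so the only responses Apache
# sends from here are error responses. Plain "Header set" is applied to
# successful responses only; "always" is required for the headers to appear
# on the 403 pages as well.
# NOTE(review): these headers do not apply to output produced by the endpoint
# that includes the embed files - that response is served from the endpoint's
# own location and needs its own framing/CSP headers. Confirm they are set there.
<IfModule mod_headers.c>
    # Prevent framing from external sites (legacy header, kept for older browsers)
    Header always set X-Frame-Options "SAMEORIGIN"

    # Content Security Policy: same framing restriction in its current form.
    # "set" replaces any Content-Security-Policy value added earlier for this response.
    Header always set Content-Security-Policy "frame-ancestors 'self'"

    # Prevent MIME type sniffing
    Header always set X-Content-Type-Options "nosniff"
</IfModule>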
