# Apache configuration for DRMtoday CPIX Packager APIs

# Enable rewrite engine
# NOTE(review): no RewriteRule or RewriteCond appears in the visible part of this
# file, so on its own this directive changes nothing - confirm the rules live elsewhere.
# Unlike the sections below, it is not wrapped in <IfModule>, so Apache rejects
# the configuration if mod_rewrite is not loaded.
RewriteEngine On

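# Security headers
# "always" attaches each header to error responses (4xx/5xx) as well as to
# successful ones. The whole section is skipped when mod_headers is not loaded,
# so verify the headers on a live response rather than assuming they are sent.
<IfModule mod_headers.c>
    # Prevent MIME type sniffing
    Header always set X-Content-Type-Options "nosniff"

    # Prevent clickjacking. X-Frame-Options is kept for older browsers; the
    # current standard for the same restriction is the Content-Security-Policy
    # frame-ancestors directive, which should be part of the application's CSP.
    Header always set X-Frame-Options "DENY"

    # Legacy XSS filter: explicitly disabled.
    # The browser XSS auditor this header controlled has been removed from
    # current browsers, and in the legacy browsers that still honour it the
    # filter has itself been a source of vulnerabilities. Current guidance
    # (for example the OWASP Secure Headers Project) is to send "0" and rely on
    # output encoding plus a Content-Security-Policy instead of "1; mode=block".
    Header always set X-XSS-Protection "0"

    # Strict Transport Security (uncomment if using HTTPS)
    # Browsers ignore this header over plain HTTP. Enable it only once every
    # host covered by includeSubDomains serves HTTPS, because the policy is
    # cached by the browser for max-age seconds (one year here).
    # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>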

# Hide server information
# ServerTokens Prod reduces the Server response header to the product name only;
# ServerSignature Off removes the server footer from server-generated pages.
# NOTE(review): ServerTokens is valid only in the main server configuration.
# If this file is deployed as a .htaccess file, Apache rejects the directive and
# every request under the directory fails with a 500 - confirm where this file
# is loaded and move ServerTokens to the server config if needed.
ServerTokens Prod
ServerSignature Off

# Disable directory browsing
# With Indexes removed, a request for a directory that has no index file gets
# 403 Forbidden instead of an auto-generated file listing.
Options -Indexes

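# Protect sensitive files
# Deny direct HTTP access to log, text and Markdown files wherever they sit
# under the scope of this configuration. One pattern replaces three identical
# <Files> sections; it matches the same names ("*.log", "*.txt", "*.md").
#
# The two <IfModule> branches are mutually exclusive, so exactly one access
# control syntax is active:
#   - Apache 2.4+ (mod_authz_core loaded): Require all denied
#   - Apache 2.2:                          Order/Deny
# Using the 2.2 directives unconditionally on 2.4 depends on mod_access_compat
# being loaded; when it is not, Apache rejects the configuration instead of
# protecting the files.
<FilesMatch "\.(log|txt|md)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</FilesMatch>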

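# Protect generated_cpix directory - only allow access through download.php
# CPIX documents typically carry content keys, so this deny rule is the control
# that stops them from being fetched directly over HTTP.
#
# Exactly one access-control syntax is active: Require on Apache 2.4+
# (mod_authz_core), Order/Deny on Apache 2.2. Mixing both in the same scope is
# discouraged by the Apache documentation and makes the effective policy depend
# on which modules happen to be loaded.
#
# NOTE(review): <Directory> is accepted only in server or virtual-host context
# and expects an absolute filesystem path, e.g. "/path/to/app/generated_cpix"
# (placeholder - substitute the real deployment path). The relative path below
# is unlikely to resolve to the application directory - confirm. If this file is
# deployed as .htaccess, <Directory> is a configuration error there; the
# equivalent is a .htaccess file inside generated_cpix/ that contains the deny
# rule. Either way, verify with a direct request that a generated file returns 403.
<Directory "generated_cpix">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</Directory>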

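# Allow access to packaged directory for manifest files
# Everything placed under packaged/ becomes publicly readable, so only
# distributable output (manifests, encrypted segments) belongs there.
#
# Exactly one access-control syntax is active: Require on Apache 2.4+
# (mod_authz_core), Order/Allow on Apache 2.2.
#
# NOTE(review): <Directory> is accepted only in server or virtual-host context
# and expects an absolute filesystem path, e.g. "/path/to/app/packaged"
# (placeholder - substitute the real deployment path). It is a configuration
# error inside a .htaccess file - confirm where this file is loaded.
<Directory "packaged">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</Directory>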

# Cache control for API responses
# "access plus 0 seconds" makes mod_expires emit an Expires header equal to the
# request time together with Cache-Control: max-age=0, so JSON and HTML
# responses are stale as soon as they are received.
# NOTE(review): max-age=0 still lets browsers and intermediaries store the
# response and revalidate it. If API responses can include key material or other
# secrets, confirm whether Cache-Control: no-store should also be sent.
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType text/html "access plus 0 seconds"
</IfModule>

# Compress responses
# Applies the DEFLATE output filter to JSON, HTML, CSS and JavaScript responses;
# skipped entirely when mod_deflate is not loaded.
# NOTE(review): if any compressed HTTPS response both reflects request input and
# contains a secret, review it for BREACH-style compression side channels.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE application/json text/html text/css text/javascript
</IfModule>
