# Schütze config.php und andere sensible Dateien
<Files "config.php">
    Require all denied
</Files>

<Files ".env">
    Require all denied
</Files>

<Files ".env.*">
    Require all denied
</Files>

<Files "config.php.backup">
    Require all denied
</Files>

<Files "test-*.php">
    Require all denied
</Files>

# Verhindere Directory Listing
Options -Indexes

# Blockiere Zugriff auf Backup-Dateien
<FilesMatch "\.(bak|backup|old|orig|save|swp|tmp)$">
    Require all denied
</FilesMatch>

# Verhindere Zugriff auf versteckte Dateien
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# PHP-Sicherheitseinstellungen
<IfModule mod_php7.c>
    php_flag display_errors off
    php_flag log_errors on
    php_value upload_max_filesize 20M
    php_value post_max_size 20M
</IfModule>

# Zusätzliche Sicherheits-Header
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>