# ============================================================
#  ATLAS TRADING — Apache Configuration
#  File: .htaccess  (place in C:\xampp\htdocs\atlas\)
# ============================================================

Options -Indexes

# ── Custom Error Pages ────────────────────────────────────────
ErrorDocument 404 /atlas/404.html
ErrorDocument 403 /atlas/404.html
ErrorDocument 500 /atlas/404.html

# ── Rewrite Engine ───────────────────────────────────────────
RewriteEngine On
RewriteBase /atlas/

# Force HTTPS (uncomment on live server)
# RewriteCond %{HTTPS} off
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ── Route missing files/folders to 404 page ──────────────────
# If the requested file does NOT exist → send to 404
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ /atlas/404.html [L,R=404]

# ── Security Headers ─────────────────────────────────────────
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# ── Block access to sensitive files ──────────────────────────
<FilesMatch "\.(env|log|sql|bak|sh|git|htpasswd)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Block direct access to includes folder
<IfModule mod_rewrite.c>
    RewriteRule ^includes/ - [F,L]
    RewriteRule ^config/  - [F,L]
</IfModule>

# ── Charset & MIME types ──────────────────────────────────────
AddDefaultCharset UTF-8

# ── PHP settings (XAMPP dev) ──────────────────────────────────
<IfModule mod_php.c>
    php_flag display_errors Off
    php_flag log_errors On
</IfModule>
