cai-exos-systems/daveadmin-exos-new:.htaccess

# .htaccess ```text # Exos Systems - Apache Configuration # Security headers <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" Header set X-Frame-Options "SAMEORIGIN" Header set X-XSS-Protection "1; mode=block" Header set Referrer-Policy "strict-origin-when-cross-origin" </IfModule> # Prevent directory listing Options -Indexes # Block access to sensitive files <FilesMatch "^\.env$"> Require all denied </FilesMatch> <FilesMatch "\.sql$"> Require all denied </FilesMatch> # Cache static assets <IfModule mod_expires.c> ExpiresActive On ExpiresByType text/css "access plus 1 month" ExpiresByType application/javascript "access plus 1 month" ExpiresByType image/svg+xml "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType image/webp "access plus 1 month" </IfModule> # Compression <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE text/html text/css application/javascript text/xml application/json image/svg+xml </IfModule> # Default charset AddDefaultCharset UTF-8 # Bot-readable reports alias — internally serves /reports/* with no auth <IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^reports90210(/.*)?$ reports$1 [L] </IfModule> ```