# ✅ CHỈ cho phép truy cập thư mục bootstrap
Require all granted
Options -Indexes -ExecCGI -FollowSymLinks +SymLinksIfOwnerMatch

# ✅ Chỉ cho phép file tĩnh (CSS, JS, fonts, images, maps)
<FilesMatch "\.(css|js|map|woff2?|ttf|eot|svg|png|jpe?g|gif|webp)$">
    Require all granted
</FilesMatch>

# 🚫 CẤM tuyệt đối file thực thi hoặc cấu hình
<FilesMatch "\.(php|phar|phtml|sh|pl|py|cgi|ini|yml|yaml|xml|md|bat|exe|cmd)$">
    Require all denied
</FilesMatch>

# ⚙️ Nếu chạy mod_php, tắt engine PHP (ngăn upload shell)
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# ♻️ Thiết lập cache tĩnh (tùy chọn, tăng tốc website)
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css "access plus 7 days"
    ExpiresByType application/javascript "access plus 7 days"
    ExpiresByType font/woff2 "access plus 30 days"
    ExpiresByType image/png "access plus 30 days"
    ExpiresByType image/jpeg "access plus 30 days"
    ExpiresByType image/gif "access plus 30 days"
    ExpiresByType image/webp "access plus 30 days"
    ExpiresByType image/svg+xml "access plus 30 days"
</IfModule>

# 🚫 Cấm xem chính file .htaccess
<Files ".htaccess">
    Require all denied
</Files>
