# Apache — TDS security rules
# Blocks direct web access to sensitive files

Options -Indexes

# Block access to config, domain pool, logs, lock file
<FilesMatch "(tds_config\.php|domains\.json|checker\.php|check_cron\.sh|.*\.log|.*\.lock)$">
    Require all denied
</FilesMatch>

# Block the logs directory entirely
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^logs/ - [F,L]
</IfModule>

# Allow these files to be served
<Files "redirect.php">
    Require all granted
</Files>

<Files "admin.php">
    Require all granted
</Files>

<Files "setup.php">
    Require all granted
</Files>
