# KAI API Server — Root .htaccess

# ── MIME Types ───────────────────────────────────────────────
<IfModule mod_mime.c>
    AddType text/css                  .css
    AddType application/javascript    .js
    AddType application/json          .json
</IfModule>

# Block direct browser access to sensitive files
<FilesMatch "^(config|bootstrap)\.php$">
    Order deny,allow
    Deny from all
</FilesMatch>

# Block access to logs folder
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^logs/ - [F,L]
</IfModule>

# Security headers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>
