# Admin Panel Protection - Development Mode
# للإنتاج: فعّل الحماية بإزالة التعليقات

# Disable directory listing
Options -Indexes

# Allow access during development
Require all granted

# Strong Authentication (معطل للتطوير - فعّله للإنتاج)
# AuthType Basic
# AuthName "Roz Skin Admin Area"
# AuthUserFile /path/to/.htpasswd
# Require valid-user

# IP Whitelist (معطل للتطوير)
# <RequireAll>
#     Require valid-user
#     Require ip 127.0.0.1
#     Require ip YOUR_IP_HERE
# </RequireAll>

# Prevent access to sensitive files
<FilesMatch "\.(log|txt|md|json|lock)$">
    Require all denied
</FilesMatch>

# Security Headers
<IfModule mod_headers.c>
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# Enable PHP error display for development
php_flag display_errors on
php_flag log_errors on
php_value error_reporting E_ALL