From f20b3d4a43556ad8f0204116bd845ecfc8a4d84f Mon Sep 17 00:00:00 2001
From: Julian Prieber <julian.prieber@linkstack.org>
Date: Sun, 30 Mar 2025 22:40:28 +0200
Subject: [PATCH] Improve security

Blocking access to system files on URL level regardless of file permissions
---
 .htaccess | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/.htaccess b/.htaccess
index 198faaa..4565d2f 100644
--- a/.htaccess
+++ b/.htaccess
@@ -32,4 +32,21 @@ Deny from all
 <Files ~ "\.zip$">
     Order allow,deny
     Deny from all
-</Files>
\ No newline at end of file
+</Files>
+
+<IfModule mod_rewrite.c>
+    <IfModule mod_negotiation.c>
+        Options -MultiViews -Indexes
+    </IfModule>
+
+RewriteEngine On
+
+# Block access to .env files
+RewriteRule ^.*\.env$ - [F,L]
+
+# Block access to SQLite database files
+RewriteRule ^.*\.sqlite$ - [F,L]
+
+# Block access to ZIP files
+RewriteRule ^.*\.zip$ - [F,L]
+</IfModule>