Szatuna/api/.htaccess

<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-XSS-Protection "1; mode=block"
  Header always set X-Frame-Options "deny"
  Header set Cache-Control "no-cache, no-store, must-revalidate"
  Header set Pragma "no-cache"
  Header set Expires 0
</IfModule>

<FilesMatch "\.(css|flv|gif|htm|html|ico|jpe|jpeg|jpg|js|mp3|mp4|png|pdf|swf|txt)$">
    <IfModule mod_expires.c>
        ExpiresActive Off
    </IfModule>
    <IfModule mod_headers.c>
        FileETag None
        Header unset ETag
        Header unset Pragma
        Header unset Cache-Control
        Header unset Last-Modified
        Header set Pragma "no-cache"
        Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
        Header set Expires "Thu, 1 Jan 1970 00:00:00 GMT"
    </IfModule>
</FilesMatch>

RewriteEngine on

# PATH TRAVERSAL VÉDELEM
RewriteCond %{REQUEST_URI} (\.\./|/\.\.|\\|\0|%2e%2e) [NC]
RewriteRule .* - [F,L]

# SENSITIVE FILES VÉDELEM (kivéve stock.php és index.php)
RewriteRule ^(wp-config\.php|\.env)$ - [F,L]

# HTTPS erőltetés
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# PHP rewrite
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [L]

DirectoryIndex index.html index.php

# Hotlink védelem - CSAK statikus fájlok
RewriteCond %{REQUEST_URI} !\.(php|json)$
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(?:www\.)?zimbra\.szatuna\.hu:18821 [NC]
RewriteRule \.(jpg|jpeg|png|gif|css)$ - [NC,F,L]

IndexIgnore *.png *.jpg *.jpeg *.json