# Disable directory listings
Options -Indexes

# Prevent viewing of sensitive configuration files and database files
<FilesMatch "^\.htaccess|config\.php|leads\.db|composer\.json|package\.json|.*\.sql$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Prevent viewing of hidden files or folders (like .git, .env)
RedirectMatch 404 /\.(git|env|hg|svn|gitattributes|gitignore)

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^api/(.*)$ api.php?route=$1 [QSA,L]
