# CCISG Portail — Configuration Apache
# Forcer HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Sécurité headers
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"

# Bloquer accès aux fichiers sensibles
<FilesMatch "\.(sql|log|env|bak)$">
    deny from all
</FilesMatch>

# Page d'erreur par défaut
ErrorDocument 403 /portail/index.php
ErrorDocument 404 /portail/index.php
