# AirWave Radio - Security & Performance

# Prevent direct access to data directory
<FilesMatch "\.(json)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Allow API access
<Files "chat.php">
    Order Allow,Deny
    Allow from all
</Files>

# Security headers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options SAMEORIGIN
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>

# PHP settings
<IfModule mod_php.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_flag display_errors off
</IfModule>

# Enable compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json
</IfModule>
