# Security rules for storage directory
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Block access to all files in storage except public folder
    RewriteCond %{REQUEST_URI} !^/storage/app/public/
    RewriteRule ^(.*)$ - [F,L]
    
    # Block access to sensitive file types
    RewriteCond %{REQUEST_FILENAME} \.(log|env|config|ini|sql|bak)$ [NC]
    RewriteRule ^(.*)$ - [F,L]
</IfModule>

# Deny access to all files by default
<Files "*">
    Order Allow,Deny
    Deny from all
</Files>

# Allow access only to public storage
<Directory "app/public">
    Order Allow,Deny
    Allow from all
</Directory>
