up

BitsHost · BitsHost · commit b32beb9fd868 · 2025-12-31T23:39:00.000+02:00
diff --git a/.env.example b/.env.example
diff --git a/.htaccess b/.htaccess
@@ -0,0 +1,61 @@
+# PHP CRUD API Generator - Root Security Configuration
+# Disable directory listing for this project
+Options -Indexes
+#
+# Goal:
+# - Protect sensitive files in the project root (.env, configs, vault, etc.)
+# - Restrict dashboard and health endpoints to trusted IPs only
+#
+# 📖 Full security guide: docs/DASHBOARD_SECURITY.md
+
+# ----------------------------------------------------------------------
+# 1) Protect .env and other dotfiles in project root
+# ----------------------------------------------------------------------
+
+<FilesMatch "^\.env">
+    Require all denied
+</FilesMatch>
+
+<FilesMatch "^\.(git|svn|hg|env)">
+    Require all denied
+</FilesMatch>
+
+# ----------------------------------------------------------------------
+# 2) Protect Admin Dashboard (root/dashboard.html)
+# ----------------------------------------------------------------------
+
+<Files "dashboard.html">
+    # Apache 2.4+ syntax: only allow localhost by default
+    Require ip 127.0.0.1 ::1
+    # To allow additional IPs in production, add lines like:
+    # Require ip YOUR.PUBLIC.IP.HERE
+</Files>
+
+# ----------------------------------------------------------------------
+# 3) Protect Health Endpoint (root/health.php)
+# ----------------------------------------------------------------------
+
+<Files "health.php">
+    # Apache 2.4+ syntax: only allow localhost by default
+    Require ip 127.0.0.1 ::1
+    # To allow monitoring servers in production, add lines like:
+    # Require ip 198.51.100.10
+</Files>
+
+# Optional: Add HTTP Basic Authentication
+# Uncomment and configure if you want password protection
+#
+# <Files "dashboard.html">
+#     AuthType Basic
+#     AuthName "Admin Dashboard"
+#     AuthUserFile /path/to/.htpasswd
+#     Require valid-user
+# </Files>
+#
+# Create password file with:
+# htpasswd -c .htpasswd admin
+
+# Optional: Redirect HTTP to HTTPS (recommended for production)
+# RewriteEngine On
+# RewriteCond %{HTTPS} off
+# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
diff --git a/.htaccess.example b/.htaccess.example
diff --git a/.htaccessTest b/.htaccessTest
@@ -0,0 +1,12 @@
+Options -Indexes
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME} !-f
+#RewriteRule ^ - [R=404,L]
+#RewriteRule ^ - [R=403,L]
+
+#ErrorDocument 404
+#ErrorDocument 403
+
+
+RewriteRule (.+) index.php [QSA,L]
diff --git a/config/.htaccess b/config/.htaccess
@@ -0,0 +1,2 @@
+# Deny direct web access to config files
+Require all denied
diff --git a/sql/.htaccess b/sql/.htaccess
@@ -0,0 +1,2 @@
+# Deny direct web access to SQL files
+Require all denied
diff --git a/src/.htaccess b/src/.htaccess
@@ -0,0 +1,2 @@
+# Deny direct web access to source code
+Require all denied
diff --git a/tests/.htaccess b/tests/.htaccess
@@ -0,0 +1,2 @@
+# Deny direct web access to tests
+Require all denied

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Deny direct web access to config files`
	`2`	`+Require all denied`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Deny direct web access to SQL files`
	`2`	`+Require all denied`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Deny direct web access to source code`
	`2`	`+Require all denied`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+# Deny direct web access to tests`
	`2`	`+Require all denied`