# TFCS Admin Folder Protection
# This adds an extra HTTP Basic Auth layer on top of the PHP login
# To use: run `htpasswd -c .htpasswd tfcs_admin` on your server and enter a password

AuthType Basic
AuthName "TFCS Admin — Restricted Area"
AuthUserFile /path/to/your/.htpasswd
Require valid-user

# Block direct access to PHP errors
php_flag display_errors off

# Prevent directory listing
Options -Indexes

# Only allow index.php
<FilesMatch "^(?!index\.php$)">
  Order Allow,Deny
  Deny from all
</FilesMatch>
