# ============================================================
# MediCare HMS - Backend Security (Node.js app directory)
# Place this in: /home/username/backend/
# ============================================================

# Deny all direct access to backend directory
# (Only accessed via proxy through frontend .htaccess)
Order deny,allow
Deny from all

# But allow localhost access (for cPanel proxy)
Allow from 127.0.0.1
Allow from ::1

# Block access to sensitive files
<FilesMatch "\.(env|json|lock|md|prisma|ts)$">
  Order allow,deny
  Deny from all
</FilesMatch>

# Block access to node_modules
<IfModule mod_rewrite.c>
  RewriteRule ^node_modules/ - [F,L]
  RewriteRule ^prisma/ - [F,L]
  RewriteRule ^\.env - [F,L]
</IfModule>

Options -Indexes
