# Allow access to /api/weyd endpoint
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/api/weyd/
    RewriteRule ^ - [L]
</IfModule>

# Deny all access by default
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>

# Disable directory browsing
Options -Indexes

# Deny access to sensitive files
<FilesMatch "\.(env|ini|log|sh|sql|bak|inc|db|sqlite)$">
    Order allow,deny
    Deny from all
</FilesMatch>
