# GitHub Webhook Apache Configuration

# Enable rewrite engine
RewriteEngine On

# Environment variables (IMPORTANT: Set your webhook secret)
SetEnv WEBHOOK_SECRET your_secret_here

# Security: Restrict access to PHP files only
<FilesMatch "\.php$">
    Order allow,deny
    Allow from all
</FilesMatch>

# Deny access to all other files
<FilesMatch "^((?!webhook\.php).)*$">
    Order deny,allow
    Deny from all
</FilesMatch>

# Logging
ErrorLog ${APACHE_LOG_DIR}/webhook_error.log
CustomLog ${APACHE_LOG_DIR}/webhook_access.log combined

# PHP settings
php_flag display_errors off
php_flag log_errors on
php_value error_log /var/log/github-webhook.log

# Security headers
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"

# Disable directory listing
Options -Indexes

# Prevent access to .git directory
RedirectMatch 404 /\.git
