# ══════════════════════════════════════════════════════
# .htaccess — Informe CRM M&G Defontana
# ══════════════════════════════════════════════════════
Options -Indexes
Options -MultiViews
# ── Rewrite Engine ─────────────────────────────────────
RewriteEngine On
# Redirigir / → Informe_CRM.html
RewriteRule ^$ Informe_CRM.html [L]
# Permitir acceso directo a archivos reales (CSS, JS, PHP, etc.)
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
# Todo lo demás → Informe_CRM.html
RewriteRule ^ Informe_CRM.html [L]
# ── Proteger archivos sensibles ────────────────────────
# Bloquear acceso directo al JSON del informe
Order Allow,Deny
Deny from all
# Bloquear acceso al directorio data/
RewriteRule ^data/ - [F,L]
# Bloquear acceso a archivos ocultos (.env, .git, etc.)
Order Allow,Deny
Deny from all
# ── Headers de seguridad ───────────────────────────────
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# CORS para api.php
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type"
# ── Compresión GZIP ────────────────────────────────────
AddOutputFilterByType DEFLATE text/html text/css application/javascript application/json
# ── Cache para assets estáticos ───────────────────────
ExpiresActive On
ExpiresByType text/html "access plus 0 seconds"
ExpiresByType application/javascript "access plus 7 days"
ExpiresByType text/css "access plus 7 days"
# ── PHP: permisos y configuración ─────────────────────
php_flag display_errors Off
php_value upload_max_filesize 10M
php_value post_max_size 10M