# Rapha-Bethel BNPS — Apache / cPanel config
# Place in the application root (same folder as manage.py and passenger_wsgi.py)

PassengerEnabled On
PassengerAppRoot /home/dnjill5/public_html/school
PassengerBaseURI /school
PassengerPython /home/dnjill5/virtualenv/school/3.11/bin/python3

# Security headers
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"

# Don't serve .env or sensitive files
<FilesMatch "^\.env|\.py$|\.sqlite3$|requirements\.txt$">
    Require all denied
</FilesMatch>

# Cache static assets
<FilesMatch "\.(css|js|png|jpg|jpeg|gif|ico|woff|woff2|ttf|svg)$">
    Header set Cache-Control "max-age=31536000, public"
</FilesMatch>