# Directory: /storage/.htaccess

# Prevent directory listing
Options -Indexes

# Deny access to all files in this directory for web requests
# Ensure PHP scripts can still access these files
<FilesMatch ".*">
    Order Deny,Allow
    Deny from all
    # Allow the server itself to access these files
    Allow from 127.0.0.1 ::1
</FilesMatch>

# Additional security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>