Testing article

# Use mod_rewrite to enable "Clean URLs"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# Allow PUT, DELETE, OPTIONS methods (OJS API needs this)
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|OPTIONS)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect index.php requests to remove it from URL
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [QSA,L]
</IfModule>

# Allow additional HTTP methods explicitly
<LimitExcept GET POST PUT DELETE OPTIONS>
Deny from all
</LimitExcept>

# Protect sensitive files
<FilesMatch "\.(htaccess|htpasswd|ini|log|conf|env)$">
Order Allow,Deny
Deny from all
</FilesMatch>

# Prevent directory browsing
Options -Indexes

# Optional: Basic security headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
</IfModule>