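# Protect sensitive files: deny every HTTP request for config.php.
# <Files> matches this exact file name only, so copies such as editor
# backups (config.php.bak, config.php~) are not covered by this rule.
<Files "config.php">
    # Apache 2.4+: native mod_authz_core syntax (needs AllowOverride AuthConfig).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: legacy access-control syntax, used only where
    # mod_authz_core is absent. On 2.4 these directives need mod_access_compat
    # and fail the whole directory with a 500 when it is not loaded.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>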

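# Deny every HTTP request for install.sql so its contents cannot be downloaded.
# NOTE(review): presumably the database setup script; removing it after
# installation or keeping it outside the document root avoids relying on
# this rule alone - confirm with the deployment procedure.
<Files "install.sql">
    # Apache 2.4+: native mod_authz_core syntax (needs AllowOverride AuthConfig).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: legacy access-control syntax, used only where
    # mod_authz_core is absent.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>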

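# Force HTTPS on real domains only. A plain-HTTP request is left alone when its
# Host header is localhost, 127.0.0.1, or a single-label name (no dot) such as a
# Docker-internal service hostname, each with an optional port. Any other IP
# literal is still redirected.
#
# NOTE(review): the Host header is supplied by the client, so both the
# exemptions below and the redirect target follow whatever the client sends.
# Treat this redirect as a convenience, not as the enforcement point: pair it
# with HSTS (Strict-Transport-Security) and a fixed ServerName in the virtual
# host if HTTPS must be guaranteed.
# NOTE(review): %{HTTPS} describes the connection to this Apache instance. If
# TLS is terminated by a proxy in front of it, this condition is presumably
# always "off" and the redirect would loop - confirm against the deployment.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^localhost(:\d+)?$
RewriteCond %{HTTP_HOST} !^127\.0\.0\.1(:\d+)?$
# Optional port accepted here as well, so "name:8080" is exempt just like
# "name"; the two conditions above already allowed a port.
RewriteCond %{HTTP_HOST} !^[a-z0-9_-]+(:\d+)?$
# The path is taken from %{REQUEST_URI}, so the pattern only has to match.
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]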
