# =============================================================================
# Snapparty :: project-root .htaccess (defence in depth)
# Ideally the project root is ABOVE the web root and never reachable over HTTP.
# If your host forces the project into public_html, this denies access to
# everything except the /public folder.
# =============================================================================

# Block access to sensitive directories outright.
RedirectMatch 403 ^/?(app|config|database|logs|storage|vendor)(/|$)

# Never serve dotfiles (.env, .git, etc.).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
