# Protect .env file
<Files ".env">
    Order allow,deny
    Deny from all
</Files>

# Ensure the backend folder is handled by PHP and not the Node.js app
RewriteEngine On

# If the request is for the backend folder, don't pass it to Passenger/Node.js
RewriteCond %{REQUEST_URI} ^/backend [NC]
RewriteRule .* - [L]

# Optional: Force HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# The Node.js App setup in cPanel will add its own Passenger rules below this line
# DO NOT REMOVE THE FOLLOWING LINES IF THEY ARE ADDED BY CPANEL:
# PassengerAppRoot "..."
# PassengerBaseURI "/"
# PassengerAppType node
# PassengerStartupFile server.js
