first commit

2025-09-12 10:57:48 +02:00 · 2025-09-12 10:57:48 +02:00 · b216a187bd
commit b216a187bd
34 changed files with 4829 additions and 0 deletions
--- a/admin/htaccess
+++ b/admin/htaccess
@ -0,0 +1,37 @@
+# Sécurisation du dossier d'administration
+
+# Cacher les fichiers sensibles
+<Files "config.php">
+    Require all denied
+</Files>
+
+<Files "login_attempts.json">
+    Require all denied
+</Files>
+
+<Files "generate_password_hash.php">
+    Require all denied
+</Files>
+
+# Protection contre les attaques par force brute
+<RequireAll>
+    Require all granted
+    # Limiter les requêtes POST (optionnel, à configurer selon vos besoins)
+</RequireAll>
+
+# Headers de sécurité
+<IfModule mod_headers.c>
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-Frame-Options DENY
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'"
+</IfModule>
+
+# Désactiver l'affichage des erreurs PHP en production
+php_flag display_errors off
+php_flag log_errors on
+
+# Limiter la taille des uploads
+php_value upload_max_filesize 10M
+php_value post_max_size 10M