first commit

.htaccess

@@ -0,0 +1,83 @@
+# Apache配置文件
+# 用于URL重写和安全设置
+
+# 启用重写引擎
+RewriteEngine On
+
+# URL重写规则
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^(.*)$ index.php [QSA,L]
+
+# 安全设置 - 禁止访问敏感目录
+<Files "config/*">
+    Order Allow,Deny
+    Deny from all
+</Files>
+
+<Files "includes/*">
+    Order Allow,Deny
+    Deny from all
+</Files>
+
+<Files "data/*">
+    Order Allow,Deny
+    Deny from all
+</Files>
+
+# 禁止访问敏感文件
+<FilesMatch "\.(sql|log|md|txt|conf)$">
+    Order Allow,Deny
+    Deny from all
+</FilesMatch>
+
+# 禁止访问隐藏文件
+<FilesMatch "^\.*">
+    Order Allow,Deny
+    Deny from all
+</FilesMatch>
+
+# 禁止访问安装文件（安装完成后）
+<Files "install.php">
+    Order Allow,Deny
+    Deny from all
+</Files>
+
+# 设置默认字符集
+AddDefaultCharset UTF-8
+
+# 启用GZIP压缩
+<IfModule mod_deflate.c>
+    AddOutputFilterByType DEFLATE text/plain
+    AddOutputFilterByType DEFLATE text/html
+    AddOutputFilterByType DEFLATE text/xml
+    AddOutputFilterByType DEFLATE text/css
+    AddOutputFilterByType DEFLATE application/xml
+    AddOutputFilterByType DEFLATE application/xhtml+xml
+    AddOutputFilterByType DEFLATE application/rss+xml
+    AddOutputFilterByType DEFLATE application/javascript
+    AddOutputFilterByType DEFLATE application/x-javascript
+</IfModule>
+
+# 设置缓存策略
+<IfModule mod_expires.c>
+    ExpiresActive On
+    ExpiresByType text/css "access plus 1 month"
+    ExpiresByType application/javascript "access plus 1 month"
+    ExpiresByType image/png "access plus 1 month"
+    ExpiresByType image/jpg "access plus 1 month"
+    ExpiresByType image/jpeg "access plus 1 month"
+    ExpiresByType image/gif "access plus 1 month"
+    ExpiresByType image/ico "access plus 1 month"
+    ExpiresByType image/icon "access plus 1 month"
+    ExpiresByType text/plain "access plus 1 month"
+    ExpiresByType application/pdf "access plus 1 month"
+</IfModule>
+
+# 安全头设置
+<IfModule mod_headers.c>
+    Header always set X-Content-Type-Options nosniff
+    Header always set X-Frame-Options DENY
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+</IfModule>