ServerTokens Prod
Header set X-Frame-Options: "sameorigin"
Header always set X-XSS-Protection "1;  mode=block"

<VirtualHost *:80>
    ServerAdmin _

    DocumentRoot /var/www/spotweb

    RedirectMatch 404 /\.git

    <Directory /var/www/spotweb/>
        RewriteEngine on
        RewriteCond %{REQUEST_URI} !api/
        RewriteRule api/?$ index.php?page=newznabapi [QSA]
        RewriteRule details/([^/]+) index.php?page=getspot&messageid=$1 [L]
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Order deny,allow
        Allow from all
    </Directory>

</VirtualHost>