diff --git a/public/.htaccess b/public/.htaccess
new file mode 100644
index 0000000..31bde6c
--- /dev/null
+++ b/public/.htaccess
@@ -0,0 +1,32 @@
+# Apache URL Rewrite untuk Retribusi Frontend (di folder public)
+# Hanya untuk security headers dan cache, TIDAK ada redirect
+
+# Security headers
+
+ # Prevent clickjacking
+ Header set X-Frame-Options "SAMEORIGIN"
+
+ # XSS Protection
+ Header set X-XSS-Protection "1; mode=block"
+
+ # Content Type Options
+ Header set X-Content-Type-Options "nosniff"
+
+
+# Cache static assets
+
+ ExpiresActive On
+ ExpiresByType text/css "access plus 1 year"
+ ExpiresByType application/javascript "access plus 1 year"
+ ExpiresByType image/png "access plus 1 year"
+ ExpiresByType image/jpg "access plus 1 year"
+ ExpiresByType image/jpeg "access plus 1 year"
+ ExpiresByType image/gif "access plus 1 year"
+ ExpiresByType image/svg+xml "access plus 1 year"
+
+
+# Gzip compression
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
+
+
diff --git a/public/dashboard/event.html b/public/dashboard/event.html
index fb60353..c50e483 100644
--- a/public/dashboard/event.html
+++ b/public/dashboard/event.html
@@ -236,7 +236,14 @@
 // Check auth
 if (!Auth.isAuthenticated()) {
- window.location.href = '../index.php';
+ const currentPath = window.location.pathname.toLowerCase();
+ const isLoginPage = currentPath.includes('index.php') ||
+ currentPath === '/' ||
+ currentPath === '/index.php';
+ // Hanya redirect jika belum di login page
+ if (!isLoginPage) {
+ window.location.href = '../index.php';
+ }
 }
 // Logout handler
diff --git a/public/dashboard/js/api.js b/public/dashboard/js/api.js
index 3f409aa..521e0da 100644
--- a/public/dashboard/js/api.js
+++ b/public/dashboard/js/api.js
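Review bot: `Header set` applies only to successful (2xx) responses by default, so the three security headers at the top of the new file are absent from 404/500 and other error pages; use the `always` condition, e.g. `Header always set X-Frame-Options "SAMEORIGIN"` and `Header always set X-Content-Type-Options "nosniff"`. `X-XSS-Protection` is deprecated and current browsers ignore it (the filter it controlled was removed from Chromium and never shipped in Firefox), so drop that line or set it to `"0"`; a `Content-Security-Policy` (which can also replace X-Frame-Options via `frame-ancestors 'self'`), a `Referrer-Policy`, and, if the site is served over HTTPS only, `Strict-Transport-Security` are what a hardening pass would normally add here. The `<IfModule>` wrappers the comments imply appear to have been lost in rendering; if they are present, be aware that a missing mod_headers silently disables every header above rather than failing loudly. The file's first comment says "URL Rewrite" but the file contains no rewrite directives, and the one-year `ExpiresByType` for application/javascript is only safe if deployed script URLs are content-hashed, which this diff does not show.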
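Review bot: The new `isLoginPage` guard inside the `!Auth.isAuthenticated()` branch cannot do what its comment says on this page: the script is embedded in event.html, so `window.location.pathname` is the event page's own path, and the redirect is suppressed only if that path happens to contain the substring `index.php`. Substring matching is also loose in general (any parent segment containing `index.php` would satisfy it); if a guard is kept, compare against the exact login route, e.g. `const isLoginPage = currentPath === '/' || currentPath.endsWith('/index.php');`. Nothing stops execution after `window.location.href` is assigned, so the logout handler and whatever follows still run without a token; as dashboard.js does, stop the script after the redirect (`return;` if this is inside a handler, otherwise an `else` around the rest). The client-side `Auth.isAuthenticated()` check is a UX convenience only — the page and the API it calls must be protected server-side. The enclosing script block starts and ends outside the hunk.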
@@ -41,9 +41,14 @@ async function apiRequest(path, options = {}) {
 localStorage.removeItem('token');
 localStorage.removeItem('user');
 // Cek apakah sudah di login page untuk menghindari redirect loop
- const currentPath = window.location.pathname;
- const isLoginPage = currentPath.includes('index.php') || currentPath === '/' || currentPath.endsWith('/');
- if (!isLoginPage) {
+ const currentPath = window.location.pathname.toLowerCase();
+ const isLoginPage = currentPath.includes('index.php') ||
+ currentPath === '/' ||
+ currentPath === '/index.php' ||
+ currentPath.endsWith('/') ||
+ currentPath === '';
+ // Hanya redirect jika benar-benar di halaman dashboard, bukan di login page
+ if (!isLoginPage && currentPath.includes('dashboard')) {
 window.location.href = '../index.php';
 }
 throw new Error('Unauthorized');
diff --git a/public/dashboard/js/dashboard.js b/public/dashboard/js/dashboard.js
index 7e4a0ff..179a6b9 100644
--- a/public/dashboard/js/dashboard.js
+++ b/public/dashboard/js/dashboard.js
@@ -696,10 +696,16 @@ document.addEventListener('DOMContentLoaded', async () => {
 // Require auth
 if (!Auth.isAuthenticated()) {
 // Cek apakah sudah di login page untuk mencegah redirect loop
- const currentPath = window.location.pathname;
- const isLoginPage = currentPath.includes('index.php') || currentPath === '/' || currentPath.endsWith('/');
- if (!isLoginPage) {
- // Redirect ke login hanya jika belum di login page
+ const currentPath = window.location.pathname.toLowerCase();
+ const isLoginPage = currentPath.includes('index.php') ||
+ currentPath === '/' ||
+ currentPath === '/index.php' ||
+ currentPath.endsWith('/') ||
+ currentPath === '';
+
+ // JANGAN redirect jika sudah di login page atau root
+ if (!isLoginPage && currentPath.includes('dashboard')) {
+ // Hanya redirect jika benar-benar di halaman dashboard
 window.location.href = '../index.php';
 }
 return;
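Review bot: The rewritten `isLoginPage` still contains `currentPath.endsWith('/')`, which contradicts the newly added `currentPath.includes('dashboard')` gate: a 401 received while on `/dashboard/` (a directory-index URL) is classified as the login page, so the token is cleared but the user stays on the dashboard with only the thrown `Unauthorized` error to show for it. Substring tests on `index.php` and `dashboard` are brittle; compare against the exact routes instead, e.g. `const isLoginPage = currentPath === '/' || currentPath.endsWith('/index.php');` and `if (!isLoginPage && currentPath.startsWith('/dashboard/')) {`. The relative target `'../index.php'` also resolves differently depending on the depth of the page that issued the request, so an absolute path would be safer. Unrelated to this change but visible in the context lines: the session token is kept in `localStorage` and is therefore readable by any script that gets injected into the page — worth tracking separately. The `apiRequest` body starts and ends outside the hunk.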
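Review bot: The login-page detection added here is a verbatim copy of the one added in api.js, and shorter variants are added to event.html and settings.html in the same commit; the copies already disagree on `endsWith('/')`, `=== ''` and the `includes('dashboard')` gate, so they will keep drifting. Move the path test and the redirect into one helper on the shared `Auth` object (for example `Auth.redirectToLoginUnlessThere()`) and reduce this hunk to `if (!Auth.isAuthenticated()) { Auth.redirectToLoginUnlessThere(); return; }`. The added blank `+` line before `// JANGAN redirect …` and the two comments that restate the condition in prose add no information and could go. The enclosing `DOMContentLoaded` handler starts and ends outside the hunk.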
diff --git a/public/dashboard/settings.html b/public/dashboard/settings.html
index 2e26e6f..acdb5d9 100644
--- a/public/dashboard/settings.html
+++ b/public/dashboard/settings.html
@@ -570,7 +570,14 @@
 // Check auth
 if (!Auth.isAuthenticated()) {
- window.location.href = '../index.php';
+ const currentPath = window.location.pathname.toLowerCase();
+ const isLoginPage = currentPath.includes('index.php') ||
+ currentPath === '/' ||
+ currentPath === '/index.php';
+ // Hanya redirect jika belum di login page
+ if (!isLoginPage) {
+ window.location.href = '../index.php';
+ }
 }
 // Logout handler
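Review bot: `isLoginPage` can never legitimately be true in this script: it is embedded in settings.html, so `currentPath` is the settings page's own URL, and the guard suppresses the redirect only when that URL happens to contain `index.php`; the redirect loop the comment guards against would originate in index.php sending an unauthenticated user back to the dashboard, which this diff does not touch. If a guard is wanted at all, test the exact login route, `const isLoginPage = currentPath === '/' || currentPath.endsWith('/index.php');`, rather than a substring that any parent path segment can satisfy. Nothing halts execution once `window.location.href` is assigned, so the logout handler and the rest of the script keep running with no token; add `return;` after the assignment if this runs inside a handler, or wrap the remainder in an `else`. The surrounding script block starts and ends outside the hunk.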