############################################
# QUICK SETUP - SECURE .HTACCESS
############################################

# -------------------------------------------
# ENABLE REWRITE ENGINE
# -------------------------------------------
RewriteEngine On

# -------------------------------------------
# FORCE HTTPS (Required for Google Ads)
# -------------------------------------------
# Any request for which %{HTTPS} reads "off" is answered with a permanent
# redirect to the same host and path over https.
# NOTE(review): if TLS is terminated in front of Apache (CDN, load balancer,
# reverse proxy), %{HTTPS} may read "off" on every request and this rule
# would loop - confirm against the hosting setup.
# NOTE(review): the redirect host is copied from the client-supplied Host
# header; pin a fixed canonical hostname here if the vhost answers for
# arbitrary Host values.
# NOTE(review): no Strict-Transport-Security header is set by the rules in
# this file, so the first plain-HTTP request is only redirected, not
# protected.
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# -------------------------------------------
# FORCE WWW (OPTIONAL - KEEP CONSISTENT)
# Uncomment if you use www domain
# -------------------------------------------
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# -------------------------------------------
# PREVENT DIRECTORY LISTING
# -------------------------------------------
# Turns off auto-generated directory indexes for this directory tree.
# Setting Options from .htaccess only works when the server config's
# AllowOverride permits it; otherwise Apache answers with a 500.
Options -Indexes

# -------------------------------------------
# PROTECT SENSITIVE FILES
# -------------------------------------------
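# Deny direct download of dotfiles and dependency manifests.
# FilesMatch tests only the base name of the file being served, so this
# covers names beginning with ".env", ".git" (e.g. .gitignore), ".htaccess",
# "composer.json" and "composer.lock" - but NOT files that live inside a
# ".git/" directory (their base names are "config", "HEAD", ...). The
# RedirectMatch rule below covers that directory.
<FilesMatch "^(\.env|\.git|\.htaccess|composer\.json|composer\.lock)">
  # Apache 2.4+: native authorization syntax.
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  # Apache 2.2 fallback. On 2.4 these directives need mod_access_compat,
  # and using them without it makes every request fail with a 500.
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</FilesMatch>

# Answer 404 for any URL path that contains a ".git" path segment, so the
# repository metadata under .git/ is not downloadable.
<IfModule mod_alias.c>
  RedirectMatch 404 "(^|/)\.git(/|$)"
</IfModule>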

# -------------------------------------------
# SECURITY HEADERS (GOOGLE ADS SAFE)
# -------------------------------------------
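<IfModule mod_headers.c>
  # Stop browsers from guessing a content type other than the declared one.
  Header always set X-Content-Type-Options "nosniff"
  # Allow framing by same-origin pages only (clickjacking defence).
  Header always set X-Frame-Options "SAMEORIGIN"
  # NOTE(review): X-XSS-Protection is a legacy header that current browsers
  # ignore; the CSP below is what actually constrains script execution.
  # Consider dropping it or setting "0" - confirm against supported browsers.
  Header always set X-XSS-Protection "1; mode=block"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"

  # Content Security Policy (Ads Friendly)
  # An Apache directive must be one logical line. The value is split for
  # readability with a trailing backslash on every physical line; without
  # the backslashes Apache reads "default-src" etc. as unknown directives
  # and the whole site answers with a 500.
  # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src permit
  # inline and eval'd script, which removes most of the protection CSP gives
  # against injected script. Prefer nonces or hashes if the ad/analytics
  # tags in use allow it.
  # NOTE(review): base-uri and form-action do not fall back to default-src
  # and are not restricted by this policy.
  Header always set Content-Security-Policy "\
    default-src 'self'; \
    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://pagead2.googlesyndication.com; \
    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; \
    img-src 'self' data: https:; \
    font-src 'self' https://fonts.gstatic.com; \
    connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; \
    frame-src https://www.google.com https://pagead2.googlesyndication.com;"
</IfModule>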

# -------------------------------------------
# PREVENT MIME TYPE SNIFFING
# -------------------------------------------
# Map .js and .css to explicit content types. These lines only declare the
# type Apache sends; it is the X-Content-Type-Options "nosniff" header
# (set in the mod_headers block of this file) that tells browsers not to
# sniff, and with nosniff a wrong type on a script or stylesheet gets the
# resource rejected.
AddType application/javascript .js
AddType text/css .css

# -------------------------------------------
# CACHE STATIC FILES (PERFORMANCE + ADS SCORE)
# -------------------------------------------
# Cache lifetimes by content type, applied only when mod_expires is loaded.
<IfModule mod_expires.c>
  ExpiresActive On

  # Images: cacheable for one year from the time of access.
  # NOTE(review): "image/jpg" is not the registered JPEG type (that is
  # image/jpeg, listed next); the line is harmless but likely never matches.
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"

  # Stylesheets and scripts: one month. A fix to a script reaches returning
  # visitors only after expiry unless the file name or URL changes.
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"

  # HTML expires immediately, so pages are re-requested on each visit.
  ExpiresByType text/html "access plus 0 seconds"
</IfModule>

# -------------------------------------------
# GZIP COMPRESSION
# -------------------------------------------
# Compress text responses when mod_deflate is loaded.
# NOTE(review): compressing HTTPS responses that contain both a secret
# (e.g. a CSRF token) and request-controlled text is the precondition for
# compression side-channel attacks of the BREACH class. Static sites are
# unaffected; confirm for any dynamic text/html or application/json output.
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/plain text/html text/xml
  AddOutputFilterByType DEFLATE text/css application/javascript application/json
</IfModule>

# -------------------------------------------
# BLOCK COMMON BAD BOTS & EXPLOITS
# -------------------------------------------
# Answer 403 when the query string contains any of the listed tokens
# (case-insensitive, matched anywhere as a substring).
# NOTE(review): this is a coarse denylist, not an input-validation control.
# It inspects the raw query string only (not the path, request body, headers
# or cookies), and substring matching also rejects legitimate values such as
# "description", "selection" or "dropdown". Injection and XSS defences still
# belong in the application (parameterized queries, output encoding).
RewriteCond %{QUERY_STRING} (<|%3C|script|union|select|insert|drop|benchmark|base64_encode) [NC]
RewriteRule .* - [F,L]

# -------------------------------------------
# ALLOW SEARCH ENGINES (IMPORTANT FOR ADS)
# -------------------------------------------
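<IfModule mod_rewrite.c>
  # Disabled. No rule in this file blocks by User-Agent, so an "allow" rule
  # for crawlers grants nothing. What "RewriteRule .* - [L]" did instead was
  # end rewrite processing for every request whose User-Agent contains one
  # of these names, so the extension-hiding rules further down in this file
  # never ran for them and clean URLs such as /about answered 404.
  # User-Agent is also client-supplied, so it must not be used as a trust
  # signal to skip other rules.
  # RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|adsbot-google) [NC]
  # RewriteRule .* - [L]
</IfModule>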

# -------------------------------------------
# CUSTOM ERROR PAGES (OPTIONAL)
# -------------------------------------------
# Serve local pages as the body of 403 and 404 responses. The targets are
# URL paths on this site; 403.html is also what a request rejected by the
# [F] rewrite rule in this file receives.
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html

############################################
# HIDE .HTML AND .PHP EXTENSIONS
############################################

# Enable Rewrite Engine
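RewriteEngine On

# -------------------------------------------
# Remove .html extension
# -------------------------------------------
# Internal rewrite (no redirect): when the request is not a directory and
# "<path>.html" exists as a file, serve that file. An optional trailing
# slash on the request is dropped.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.+?)/?$ $1.html [L]

# -------------------------------------------
# Remove .php extension
# -------------------------------------------
# Same as above for "<path>.php". Only reached when no matching .html file
# was found, so .html wins if both exist.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.+?)/?$ $1.php [L]

# -------------------------------------------
# Redirect old URLs with extensions to clean URLs
# (SEO & Google Ads friendly)
# -------------------------------------------
# Matches the original request line (THE_REQUEST), which internal rewrites
# do not change, so the rewrites above cannot trigger a redirect loop.
# The capture excludes "?" so that an extension appearing inside a query
# string value is not mistaken for the path's extension.
# The target starts with "/": a relative target in per-directory context
# can have the directory's filesystem path prepended to the redirect URL
# when no RewriteBase is set, and the leading slash also keeps the redirect
# on this site.
RewriteCond %{THE_REQUEST} \s/+([^?\s]+?)\.(html|php)\s [NC]
RewriteRule ^ /%1 [R=301,L]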
