# Enable mod_rewrite for the RewriteCond/RewriteRule directives further down.
# There is no <IfModule> guard around them, so mod_rewrite has to be loaded
# for this file to be accepted.
RewriteEngine On

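# Security headers (applied only when mod_headers is loaded; otherwise skipped silently)
<IfModule mod_headers.c>
    # Clickjacking defence: only same-origin pages may frame this site.
    # "set" rather than "append": if an outer configuration level already sent
    # the header, "append" would produce a value list ("SAMEORIGIN, SAMEORIGIN")
    # instead of a single clean value.
    Header always set X-Frame-Options "SAMEORIGIN"

    # Stop browsers from guessing a content type that differs from Content-Type
    Header always set X-Content-Type-Options "nosniff"

    # Legacy reflected-XSS filter switch. Current browsers have removed the
    # filter, so this header is not an XSS control; output encoding in the
    # application and a Content-Security-Policy are.
    Header always set X-XSS-Protection "1; mode=block"

    # Reduce version disclosure.
    # NOTE(review): Apache adds the Server header after mod_headers has run, so
    # the unset below normally has no effect; the banner is controlled with
    # ServerTokens / ServerSignature in the main server configuration.
    Header unset Server
    # X-Powered-By can sit in either header table depending on how PHP is wired
    # in (module vs. CGI/FastCGI), so it is removed from both.
    Header unset X-Powered-By
    Header always unset X-Powered-By
</IfModule>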

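# Hide sensitive files: SQL dumps (*.sql), INI configuration (*.ini) and the
# .env secrets file. The same three name patterns as before, in one section.
#
# Apache 2.4 authorises with mod_authz_core ("Require"). The old Order/Deny
# pair only works there when mod_access_compat is loaded and otherwise turns
# every request into a 500, so it is kept solely as the fallback for servers
# without mod_authz_core (Apache 2.2).
<FilesMatch "(\.(sql|ini)|^\.env)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>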

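# Protect the config/ and setup/ directories.
#
# <Directory> sections are only valid in the main server / virtual-host
# configuration. The relative rewrite patterns in this file indicate
# per-directory (.htaccess) use, where a <Directory> section is a syntax error
# that fails every request, and a relative path such as "config" would not be
# a usable <Directory> argument in the server configuration either.
# The rule below denies both trees from here instead; it relies on the
# "RewriteEngine On" at the top of this file and sits ahead of the pretty-URL
# rules so that it is evaluated first.
#   [F]  answer 403 Forbidden
#   [NC] also cover Config/, SETUP/ ... on case-insensitive filesystems
# Preferably keep these directories outside the document root, or remove
# setup/ once installation is finished.
RewriteRule ^(?:config|setup)(?:/|$) - [F,NC]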

# Default documents for a directory request, tried in this order:
# index.php first, index.html if index.php is absent.
DirectoryIndex index.php index.html

# URL Rewriting Rules
# Redirect www to non-www (optional; the rule below redirects to http:// - use https:// as the target if the site is served over TLS)
# RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

# Pretty URLs for mall pages: a single path segment made of lowercase letters
# and hyphens (optional trailing slash) is served by mall.php, with the segment
# passed as "slug".
# NOTE(review): [QSA] appends the client's own query string after slug=$1, so
# the character class in the pattern does not bound what mall.php finally
# receives. The pattern is routing, not input validation; mall.php has to
# validate "slug" itself. The same applies to "id" in the rules below.
# NOTE(review): this rule has no -f/-d condition, so a one-segment lowercase
# name that is also a real directory is routed to mall.php as well.
RewriteRule ^([a-z-]+)/?$ mall.php?slug=$1 [L,QSA]

# Pretty URLs for individual pages: /news/N, /movie/N and /store/N (N = digits
# only, optional trailing slash) map to the matching script with N as "id".
RewriteRule ^news/([0-9]+)/?$ news.php?id=$1 [L,QSA]
RewriteRule ^movie/([0-9]+)/?$ movie.php?id=$1 [L,QSA]
RewriteRule ^store/([0-9]+)/?$ store.php?id=$1 [L,QSA]

# Front-controller fallback: a request that is neither an existing file (-f)
# nor an existing directory (-d) is handed to index.php, query string kept.
# Existing files are served as they are, so the *.php scripts above remain
# directly reachable without going through the pretty-URL patterns.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ index.php [L,QSA]

# Compress text-based responses (skipped silently when mod_deflate is not loaded)
<IfModule mod_deflate.c>
    # One directive covering the same nine media types: plain text and markup,
    # stylesheets, XML flavours and both JavaScript type names.
    AddOutputFilterByType DEFLATE \
        text/plain text/html text/xml text/css \
        application/xml application/xhtml+xml application/rss+xml \
        application/javascript application/x-javascript
</IfModule>

# Client-side caching for static assets (skipped silently when mod_expires is not loaded).
# Lifetimes are counted from the moment the client fetches the resource ("access").
<IfModule mod_expires.c>
    ExpiresActive On

    # Images: one month (image/jpg is kept alongside the registered image/jpeg)
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"

    # Favicon: one year
    ExpiresByType image/x-icon "access plus 1 year"

    # Stylesheets and scripts: one month, all three JavaScript type names
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"

    # Documents: one month
    ExpiresByType application/pdf "access plus 1 month"
</IfModule>

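# PHP settings
# This section only takes effect when PHP runs as the Apache module registered
# as mod_php.c. Under PHP-FPM/CGI, or a module registered under a versioned
# name, the whole block is skipped silently and the values have to be set in
# php.ini / .user.ini instead.
<IfModule mod_php.c>
    # Hardening that cannot be done from this file and therefore was removed:
    #   expose_php        - changeable in php.ini only; "php_flag expose_php Off"
    #                       in a per-directory file is ignored.
    #   disable_functions - changeable in php.ini only; in addition,
    #                       php_admin_value is not permitted in .htaccess and
    #                       makes Apache reject the file.
    # Leaving those lines here suggests protection that is not in place.
    # Set both in php.ini:
    #   expose_php = Off
    #   disable_functions = exec,passthru,shell_exec,system,proc_open,popen

    # Request size and resource limits (these can be set per directory)
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 60
    php_value max_input_vars 3000
</IfModule>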

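# Prevent access to backup and temporary copies (.bak, .backup, .old, .orig,
# .tmp). A copy such as index.php.bak is not handled as PHP and would otherwise
# be sent to the client as source text.
#
# "Require all denied" is the Apache 2.4 form. Order/Deny needs
# mod_access_compat there and fails every request without it, so it is kept
# only as the fallback for servers without mod_authz_core (Apache 2.2).
<FilesMatch "\.(bak|backup|old|orig|tmp)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>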

# Custom error pages (optional). Both targets are local URL paths handled by PHP.
# NOTE(review): a 500 caused by PHP itself or by a syntax error in this file
# cannot be rendered through /500.php; a static page is the safer target for 500.
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php
