Options -Indexes

# ─── Custom error pages ────────────────────────────────────────
ErrorDocument 404 /spring_cms/404.php

# ─── Security headers ──────────────────────────────────────────
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-XSS-Protection "1; mode=block"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# ─── Protect sensitive files and directories ───────────────────
<FilesMatch "\.(sql|log|env|ini|htpasswd|bak|swp)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

# Block direct access to config and includes
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /spring_cms/

  # Block config directory
  RewriteRule ^config/.*$ - [F,NC,L]

  # Block includes directory (except via PHP require)
  RewriteRule ^includes/.*$ - [F,NC,L]

  # ── OPTIONAL: Clean product URLs ──────────────────────────
  # Uncomment these lines to enable /product/slug-here URLs
  # RewriteCond %{REQUEST_FILENAME} !-f
  # RewriteCond %{REQUEST_FILENAME} !-d
  # RewriteRule ^product/([a-z0-9-]+)/?$ product-detail.php?slug=$1 [QSA,L]

  # ── OPTIONAL: Clean products page ─────────────────────────
  # RewriteRule ^products/?$ products.php [QSA,L]
  # RewriteRule ^about/?$ about.php [QSA,L]
  # RewriteRule ^engineering/?$ engineering.php [QSA,L]
  # RewriteRule ^contact/?$ contact.php [QSA,L]
</IfModule>

# ─── File upload size (adjust to match php.ini) ────────────────
<IfModule mod_php.c>
  php_value upload_max_filesize 10M
  php_value post_max_size 10M
  php_value max_execution_time 60
</IfModule>

# ─── UTF-8 encoding ────────────────────────────────────────────
AddDefaultCharset UTF-8

# ─── Gzip compression ──────────────────────────────────────────
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript
</IfModule>

# ─── Browser caching for static assets ────────────────────────
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpeg "access plus 1 month"
  ExpiresByType image/png  "access plus 1 month"
  ExpiresByType image/webp "access plus 1 month"
  ExpiresByType image/gif  "access plus 1 month"
  ExpiresByType image/svg+xml "access plus 1 month"
  ExpiresByType text/css   "access plus 1 week"
  ExpiresByType application/javascript "access plus 1 week"
</IfModule>
