RewriteEngine On
RewriteBase /

# Redirect HTTP ke HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Redirect ke index jika folder/file tidak ditemukan
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]

# Proteksi folder - cegah directory listing
Options -Indexes

# Cegah akses langsung ke file konfigurasi
<FilesMatch "\.(env|sql|md)$">
    Require all denied
</FilesMatch>

# Cegah akses ke setup.php setelah instalasi
<Files "setup.php">
    Require all denied
</Files>

# CORS headers untuk CDN resources
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
