<IfModule mod_rewrite.c>
    # Disable MultiViews and directory listings
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    # Enable URL rewriting
    RewriteEngine On

    # Preserve Authorization header for APIs
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Preserve X-XSRF-Token header for APIs
    RewriteCond %{HTTP:x-xsrf-token} .
    RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]

    # Redirect trailing slashes if not a directory
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Block access to sensitive folders
    RewriteRule ^\.git - [F,L]
    RewriteRule ^\.env - [F,L]
    RewriteRule ^wp-config\.php - [F,L]
    RewriteRule ^composer\.json - [F,L]
    RewriteRule ^vendor/ - [F,L]
    RewriteRule ^core/ - [F,L]

    # Block common scanning/bot attempts
    RewriteCond %{HTTP_USER_AGENT} ^curl [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^python [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^binance [NC]
    RewriteRule ^ - [F,L]

    # Send all other requests to index.php
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

# cPanel PHP handler
# DO NOT EDIT: sets PHP 8.2 as default
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>

# Disable directory browsing globally
Options -Indexes

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php82” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
