# ============================================================
# Geografi LMS - Dinamika Atmosfer
# .htaccess - cPanel Shared Hosting Safe Version
# ============================================================

# -------------------------------------------------------
# 1. Disable directory listing (safe version)
# -------------------------------------------------------
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

# -------------------------------------------------------
# 2. URL Rewriting
# -------------------------------------------------------
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /x/dinamika_atmosfer/

    # Protect sensitive directories — return 403
    RewriteRule ^(config|sql)/         - [F,L]
    RewriteRule ^auth/middleware\.php  - [F,L]

    # Serve existing files and directories directly
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]

    # Everything else → index.php
    RewriteRule ^ index.php [L]
</IfModule>

# -------------------------------------------------------
# 3. Security headers (requires mod_headers — safe if absent)
# -------------------------------------------------------
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>

# -------------------------------------------------------
# 4. Protect sensitive files from direct access
# -------------------------------------------------------
<FilesMatch "\.(env|sql|log|sh|bak|git)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# -------------------------------------------------------
# 5. Compression (optional — safe if mod_deflate absent)
# -------------------------------------------------------
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css application/javascript application/json
</IfModule>

# -------------------------------------------------------
# 6. Charset
# -------------------------------------------------------
AddDefaultCharset UTF-8

# NOTE: php_flag / php_value directives INTENTIONALLY REMOVED
# cPanel PHP-FPM/CGI does not support them in .htaccess.
# PHP settings are configured in config.php instead.
