# Enable Rewrite Engine
RewriteEngine On

# Hide PHP, HTML, or other extensions
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]

RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html [L]

# Disable directory listing
Options -Indexes

# Protect sensitive files
<FilesMatch "\.(env|htaccess|ini|log|sh|bak|sql|yaml|json|pem|key|lock|conf)$">
  Require all denied
</FilesMatch>

# Set default index file
DirectoryIndex index.php index.html

# Enable gzip compression
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json application/xml
</IfModule>

# Cache control
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType text/html "access plus 1 hour"
  ExpiresByType image/gif "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 month"
  ExpiresByType image/png "access plus 1 month"
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
</IfModule>

# Prevent access to sensitive directories
<IfModule mod_autoindex.c>
  IndexIgnore *
</IfModule>

# Redirect www to non-www (or vice versa)
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [L,R=301]

# Force HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [L,R=301]

# PHP settings (optional, if needed)
<IfModule mod_php7.c>
  php_flag display_errors Off
  php_value upload_max_filesize 20M
  php_value post_max_size 20M
  php_value memory_limit 128M
  php_value max_execution_time 300
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
