# ============================================================
#  .htaccess
#  Path: /home/pritsco/public_html/android-apps/testing/whmcs/
#  Server: Apache on pritsco.com VPS
# ============================================================

# Serve index.php when a directory itself is requested.
DirectoryIndex index.php
# Never fall back to an auto-generated file listing when no index file exists;
# a listing would expose every file name under this tree.
Options -Indexes

# ── Force HTTPS ───────────────────────────────────────────────
<IfModule mod_rewrite.c>
    # Everything in this section is skipped when mod_rewrite is not loaded,
    # in which case this file does not enforce HTTPS at all.
    RewriteEngine On
    RewriteBase /android-apps/testing/whmcs/

    # Plain-HTTP requests get a permanent redirect to the same host and URI
    # over HTTPS; [L] stops further rule processing for that request.
    # NOTE(review): the target host is taken from the request's Host header.
    # Confirm the virtual host only answers for the expected host names.
    # NOTE(review): %{HTTPS} reflects the connection Apache itself sees. If TLS
    # is terminated on a proxy in front of Apache, this test needs revisiting.
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

# ── PHP settings ──────────────────────────────────────────────
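<IfModule mod_php7.c>
    # php_flag / php_value only work when PHP runs as the Apache module (mod_php).
    # Under PHP-FPM or CGI this section is skipped, and the same settings have to
    # be supplied another way (e.g. a .user.ini file or the pool configuration).

    # Keep error details away from visitors.
    php_flag  display_errors      Off
    # NOTE(review): 0 disables error reporting altogether, so nothing reaches the
    # error log either. Confirm that is intended; display_errors Off alone already
    # hides errors from the browser while leaving them available for diagnosis.
    php_value error_reporting     0

    # Resource limits.
    php_value memory_limit        256M
    php_value max_execution_time  60
    php_value post_max_size       32M
    php_value upload_max_filesize 32M

    # Session hardening.
    php_value session.gc_maxlifetime 3600
    # Hide the session cookie from JavaScript.
    php_flag  session.cookie_httponly On
    # This directory is forced onto HTTPS, so the session cookie must never be
    # sent over plain HTTP (e.g. on the first request before the redirect).
    php_flag  session.cookie_secure   On
    # Reject session IDs that were not issued by the server (session fixation).
    php_flag  session.use_strict_mode On
</IfModule>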

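# PHP 8 dropped the version number from its Apache module: the module file is
# mod_php.c (php_module). A test for "mod_php8.c" never matches, which would
# leave every setting below unapplied on PHP 8.
<IfModule mod_php.c>
    # php_flag / php_value only work when PHP runs as the Apache module (mod_php).
    # Under PHP-FPM or CGI this section is skipped, and the same settings have to
    # be supplied another way (e.g. a .user.ini file or the pool configuration).

    # Keep error details away from visitors.
    php_flag  display_errors      Off
    # NOTE(review): 0 disables error reporting altogether, so nothing reaches the
    # error log either. Confirm that is intended; display_errors Off alone already
    # hides errors from the browser while leaving them available for diagnosis.
    php_value error_reporting     0

    # Resource limits.
    php_value memory_limit        256M
    php_value max_execution_time  60
    php_value post_max_size       32M
    php_value upload_max_filesize 32M

    # Session hardening.
    php_value session.gc_maxlifetime 3600
    # Hide the session cookie from JavaScript.
    php_flag  session.cookie_httponly On
    # This directory is forced onto HTTPS, so the session cookie must never be
    # sent over plain HTTP (e.g. on the first request before the redirect).
    php_flag  session.cookie_secure   On
    # Reject session IDs that were not issued by the server (session fixation).
    php_flag  session.use_strict_mode On
</IfModule>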

# ── Block sensitive files ─────────────────────────────────────
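# Deny direct download of dumps, logs, environment files, scripts, backups and
# configuration files. (?i) makes the match case-insensitive, so "dump.SQL" or
# "site.ENV" are refused as well as their lowercase forms.
# Note that the list also covers every .txt and .ini file in this tree.
<FilesMatch "(?i)\.(sql|log|env|sh|bak|cfg|ini|txt)$">
    # Apache 2.4+: native authorization syntax.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy syntax. On 2.4 these directives need mod_access_compat
    # and otherwise fail the whole request with a 500.
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>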

# ── Security headers ──────────────────────────────────────────
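<IfModule mod_headers.c>
    # "always" attaches the header to error responses too. None of these are
    # sent if mod_headers is not loaded.

    # Stop browsers from guessing a content type other than the declared one.
    Header always set X-Content-Type-Options  "nosniff"
    # Only allow framing by pages of the same origin (clickjacking defence).
    Header always set X-Frame-Options         "SAMEORIGIN"
    # The legacy XSS auditor is removed from current browsers, and in old ones
    # "1; mode=block" can itself be abused. Current guidance is to switch it
    # off explicitly and rely on output encoding and a Content-Security-Policy.
    Header always set X-XSS-Protection        "0"
    # Send the full URL as referrer only within this origin.
    Header always set Referrer-Policy         "strict-origin-when-cross-origin"

    # NOTE(review): no Strict-Transport-Security header is set here. HSTS binds
    # the whole host name, so it belongs in the virtual-host configuration
    # rather than in the .htaccess of one subdirectory.
</IfModule>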

# ── Gzip compression ──────────────────────────────────────────
<IfModule mod_deflate.c>
    # Compress text-based responses, one content type per line.
    # Skipped if mod_deflate is not loaded.
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE text/plain
</IfModule>

# ── Browser caching for assets ────────────────────────────────
<IfModule mod_expires.c>
    # Let browsers cache static assets for one month from the time of access.
    # Only the four types listed get an expiry; HTML and PHP output are not covered.
    ExpiresActive On

    # Images
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"

    # Stylesheets and scripts
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
</IfModule>
