# ----------------------------------------------------------------------
# KALI KUNING BRAND - SECURITY & SEO CONFIGURATION
# ----------------------------------------------------------------------

RewriteEngine On

# 1. Menghilangkan Ekstensi .php dari URL
# Contoh: domain.com/berita.php menjadi domain.com/berita
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# 2. Proteksi Akses Langsung ke File Core & Includes
# Mencegah akses browser ke file konfigurasi database
<FilesMatch "^(koneksi\.php|header\.php|footer\.php)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# 3. Mencegah Directory Browsing
# Agar pengunjung tidak bisa melihat daftar file di folder assets/ atau uploads/
Options -Indexes

# 4. Keamanan Folder Uploads
# Mencegah eksekusi script PHP yang mungkin diunggah secara ilegal ke folder gambar
<IfModule mod_rewrite.c>
    RewriteRule ^uploads/.*\.php$ - [F,L]
</IfModule>

# 5. Pengaturan Limit PHP (Penting untuk upload foto produk & berita)
<IfModule mod_php7.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 12M
    php_value memory_limit 128M
</IfModule>

# 6. Keamanan Header (XSS Protection & nosniff)
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
</IfModule>

# 7. Kompresi Gzip (Optimasi kecepatan loading)
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/javascript application/javascript
</IfModule>