
# Enable mod_rewrite for this directory. Every RewriteCond/RewriteRule further
# down in this file depends on this line.
RewriteEngine on

# Also apply the rewrite rules of the parent scope. Inherited rules run after the
# rules in this file, so a parent rule can still rewrite a request that the
# rules below let through.
RewriteOptions inherit

# NOTE(review): the section between the BEGIN/END markers is written by cPanel;
# change the PHP version from cPanel rather than editing it here.
# AddHandler matches an extension anywhere in the file name, so a name such as
# "photo.php.jpg" is also handed to PHP. If the site accepts uploads, the upload
# code should rename or reject such files - confirm against the application.
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

# ============================================
# .htaccess - SSR La Aguada
# Configuración de Apache
# ============================================

# Habilitar RewriteEngine
#<IfModule mod_rewrite.c>
#    RewriteEngine On
#    RewriteBase /
    
#    Forzar HTTPS (descomentar cuando SSL esté configurado)
    # RewriteCond %{HTTPS} off
    # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    # Redirigir www a non-www (o viceversa, según preferencia)
    # RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    # RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
#</IfModule>

# ============================================
# Seguridad
# ============================================

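# Deny hidden (dot-prefixed) files such as .env or .htpasswd.
# <FilesMatch> tests only the final file name, so by itself it does not cover
# files that live inside a hidden directory (for example .git/config).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Close that gap: refuse any request whose path contains a dot-prefixed segment.
# /.well-known/ stays reachable because certificate validation (ACME HTTP-01)
# is served from it. Relies on "RewriteEngine on" at the top of this file.
<IfModule mod_rewrite.c>
    RewriteRule "(^|/)\.(?!well-known/)" - [F]
</IfModule>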

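# Deny direct download of project metadata: dependency manifests and their lock
# files (which list the exact package versions installed), SQL dumps, Markdown
# documents and README files.
# The pattern is anchored only at the end of the name, so any file whose name
# ends in one of these suffixes is refused.
<FilesMatch "(composer\.(json|lock)|package(-lock)?\.json|\.sql|\.md|README)$">
    Require all denied
</FilesMatch>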

# Disable automatic directory listings: a directory without an index file
# answers 403 instead of showing its contents.
# Needs "AllowOverride Options" (or All) from the server configuration;
# otherwise Apache rejects this line and the whole site returns 500.
Options -Indexes

# Forbid (403) every URL below internal/. The pattern is relative to the
# directory that holds this .htaccess file.
# NOTE(review): a .htaccess deeper in the tree that enables its own rewrite
# rules can cause these parent rules to be skipped for that subtree. Putting
# "Require all denied" in internal/.htaccess, or keeping the folder outside the
# document root, does not depend on mod_rewrite - confirm which layout applies.
<IfModule mod_rewrite.c>
    RewriteRule ^internal/ - [F,L]
</IfModule>

# Below /admin/, answer 403 for any path that is neither an existing file nor
# an existing directory. The three conditions are ANDed.
# NOTE(review): this is not access control. Every file that does exist under
# /admin/ remains requestable by anyone; authentication has to be enforced by
# the PHP code itself or by an extra directive set (AuthType / Require).
# The REQUEST_URI test assumes the site is served from the domain root.
<IfModule mod_rewrite.c>
    # Only requests whose URL path starts with /admin/ ...
    RewriteCond %{REQUEST_URI} ^/admin/
    # ... that do not map to an existing regular file ...
    RewriteCond %{REQUEST_FILENAME} !-f
    # ... nor to an existing directory ...
    RewriteCond %{REQUEST_FILENAME} !-d
    # ... are refused; "-" means no substitution, F sends 403.
    RewriteRule . - [F,L]
</IfModule>

# ============================================
# Protección contra ataques comunes
# ============================================

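# Security response headers: legacy XSS filter switch, MIME-sniffing protection,
# framing restriction and referrer policy.
# "always" makes Apache attach them to its own error responses (403, 404, 500)
# as well; a plain "Header set" covers successful responses only.
# NOTE(review): if the PHP code sends the same headers itself, check the
# responses for duplicates.
<IfModule mod_headers.c>
    # Legacy header: current browsers have removed the XSS filter it controlled,
    # so it is not an XSS defence. Output encoding and a Content-Security-Policy
    # (none is set in this file) are. Value kept as the author chose it.
    Header always set X-XSS-Protection "1; mode=block"
    # Stop browsers from guessing a content type other than the declared one.
    Header always set X-Content-Type-Options "nosniff"
    # Allow framing only by pages of the same origin (clickjacking protection).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Send the full URL as referrer only to the same origin; other origins
    # receive just the origin, and nothing on an HTTPS-to-HTTP downgrade.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>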

# Reject (403) requests whose query string contains a <script ...> tag, raw or
# percent-encoded, or that try to set the PHP variables GLOBALS / _REQUEST.
# NOTE(review): none of these patterns matches SQL syntax, so this block is not
# an SQL-injection control. It also inspects the query string only, not the
# path, POST bodies or cookies. Treat it as noise reduction; parameterised
# queries and output encoding in the application are the real defence.
<IfModule mod_rewrite.c>
    # "<" ... "script" ... ">" in literal or %3C / %3E form, case-insensitive.
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    # GLOBALS followed by "=", "[" or a percent-encoded character.
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # _REQUEST followed by "=", "[" or a percent-encoded character.
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule .* - [F,L]
</IfModule>

# ============================================
# Compresión y Caché
# ============================================

# Compress text-based responses (HTML, plain text, XML, CSS, JavaScript, JSON)
# with mod_deflate.
# NOTE(review): if HTTPS pages combine request-supplied data with secrets such
# as CSRF tokens, compressing them is the precondition for BREACH-style side
# channels - confirm with the application before relying on this for
# authenticated pages.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>

# Browser caching: mod_expires adds Expires and Cache-Control: max-age headers
# according to the response content type.
<IfModule mod_expires.c>
    ExpiresActive On
    
    # Images
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"
    
    # CSS and JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    
    # Fonts
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    
    # PDFs and documents
    ExpiresByType application/pdf "access plus 1 month"
    
    # HTML (normally also the type of PHP output): expire immediately.
    # NOTE(review): this yields max-age=0, which forces revalidation but does
    # not forbid storing the page. Pages with private data (for example under
    # /admin/) should send "Cache-Control: no-store" themselves. Other types
    # such as application/json get no rule here.
    ExpiresByType text/html "access plus 0 seconds"
</IfModule>

# ============================================
# Páginas de error personalizadas
# ============================================

#ErrorDocument 404 /404.html
#ErrorDocument 403 /403.html
#ErrorDocument 500 /500.html

# ============================================
# Límites de carga
# ============================================

# Aumentar límite de carga de archivos (si es necesario)
#php_value upload_max_filesize 10M
#php_value post_max_size 10M
#php_value max_execution_time 300
#php_value max_input_time 300

# ============================================
# Prevenir hotlinking de imágenes
# ============================================

#<IfModule mod_rewrite.c>
#    RewriteCond %{HTTP_REFERER} !^$
#    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ssrlaaguada\.cl [NC]
#    RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [F,L]
#</IfModule>
