# Turn on mod_rewrite for this directory.
RewriteEngine On

# Canonical host: strip a leading "www." and redirect (301) to the bare host over HTTPS.
# %1 is the host part captured by the RewriteCond, $1 is the requested path.
# NOTE(review): only www.* requests are redirected here; a plain-HTTP request to the
# bare host is not upgraded by this rule. Confirm HTTPS is enforced elsewhere
# (virtual host, front proxy, HSTS).
# NOTE(review): the redirect target is built from the client-supplied Host header;
# if this virtual host answers for arbitrary Host values, pin the hostname instead.
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# PHP error logging switch (log_errors). Currently off: PHP errors are not logged.
# NOTE(review): with logging off there is no server-side record of PHP failures for
# troubleshooting or incident review. Consider "on" with the log kept outside the web root.
# NOTE(review): php_flag is only understood when PHP runs as an Apache module — confirm
# for this host.
php_flag log_errors off

# Do not show interpreter errors to the client (avoids leaking paths and code details).
php_flag display_errors off

# IP block list (Apache 2.4+ authorization syntax).
# Everyone is allowed except the two addresses listed in "Require not ip".
# NOTE(review): the match is against the address Apache sees for the connection; behind
# a reverse proxy or CDN that is the proxy's address unless the real client IP is
# restored (e.g. mod_remoteip) — confirm for this deployment.
<RequireAll>
    Require all granted
    Require not ip 95.153.176.125 198.27.120.241
</RequireAll>

# Routing rules: map clean URLs onto the PHP scripts that serve them.
# [L] stops rule processing for the current pass; [QSA] appends the original query
# string to the target. The success/error rules have no QSA, so the original query
# string is replaced by the fixed success=1 / error=1 parameter.
# NOTE(review): nothing in this file restricts the admin/* routes; authentication and
# authorization are presumably enforced inside the admin/*.php scripts — verify.
# NOTE(review): admin/del/<id> maps a plain URL to a "del" case; confirm the script
# requires an authenticated session and a CSRF token before acting on it.
RewriteRule ^iframe$ iframe.php [L,QSA]
RewriteRule ^guest$ guest/index.php [L,QSA]
RewriteRule ^rules$ rules.php [L,QSA]
RewriteRule ^cont$ cont.php [L,QSA]
RewriteRule ^freerek/?$ freerek/index.php [L,QSA]
RewriteRule ^home/?$ home.php [L,QSA]
RewriteRule ^top/?$ top.php [L,QSA]
RewriteRule ^admin/view$ admin/index.php?case=view [L,QSA]
RewriteRule ^admin/add$ admin/index.php?case=add [L,QSA]
RewriteRule ^admin/del/([0-9]+)$ admin/index.php?case=del&id=$1 [L,QSA]
RewriteRule ^admin/history$ admin/history.php [L,QSA]
RewriteRule ^admin/cod$ admin/cod.php [L,QSA]
RewriteRule ^admin/cod2$ admin/cod2.php [L,QSA]
RewriteRule ^admin/cod3$ admin/cod3.php [L,QSA]
RewriteRule ^admin/cod4$ admin/cod4.php [L,QSA]
RewriteRule ^admin/index$ admin/index.php [L,QSA]
RewriteRule ^admin/sett$ admin/sett.php [L,QSA]
RewriteRule ^wk$ wk/index.php [L,QSA]
RewriteRule ^wk/list-active$ wk/list-active.php [L,QSA]
RewriteRule ^wk/success$ wk/index.php?success=1 [L]
RewriteRule ^wk/error$ wk/index.php?error=1 [L]
RewriteRule ^freerek/success$ freerek/index.php?success=1 [L]
RewriteRule ^freerek/error$ freerek/index.php?error=1 [L]
RewriteRule ^terms/?$ soglashenie.php [L,QSA]
RewriteRule ^onas/?$ onas.php [L,QSA]
RewriteRule ^admin/news$ admin/news.php [L,QSA]
RewriteRule ^news/?$ news.php [L,QSA]
RewriteRule ^blog/?$ blog.php [L,QSA]
RewriteRule ^admin/blog$ admin/blog.php [L,QSA]
RewriteRule ^admin/filtr$ admin/filtrurl.php [L,QSA]

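# Coarse request filtering for common attack patterns.
# These rules are a first-line filter only: they inspect the query string, not POST
# bodies, cookies or headers, so the PHP code still needs parameterized queries and
# output encoding.
# NOTE(review): this block comes after the routing rules, which end with [L]; confirm
# the filters are still evaluated for routed URLs in this setup, or move the block
# above the routing rules.
<IfModule mod_rewrite.c>
    # Refuse (403) any request whose query string contains a single quote, raw or
    # encoded as %27. Legitimate values containing an apostrophe are rejected too.
    RewriteCond %{QUERY_STRING} (.*)(%27|')(.*) [NC]
    RewriteRule ^(.*)$ - [F,L]

    # Refuse (403) query strings containing "<" ... "script" ... ">" (raw or %3C / %3E).
    RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3E) [NC]
    RewriteRule ^(.*)$ - [F,L]

    # Deny hidden files and folders (names starting with a dot) at any depth.
    # In per-directory context the pattern is matched against the path relative to this
    # directory, so a pattern anchored only at ^ would cover dot-entries at the top
    # level only; "(^|/)\." also covers a dot-file or dot-folder inside a subfolder.
    # .well-known/ is blocked as well; exempt it explicitly if it has to be served.
    RewriteRule (^|/)\. - [F,L]
</IfModule>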

# Client-side caching to improve performance (mod_expires).
# Lifetimes are counted from the time of access.
# NOTE(review): ExpiresDefault applies to every response type not listed above,
# including HTML produced by the PHP scripts. Confirm that authenticated pages
# (admin/*) send their own no-store / no-cache headers so they are not cached for 2 days.
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 week"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    # Fallback lifetime for all other content types.
    ExpiresDefault "access plus 2 days"
</IfModule>

# Compress text responses to speed up loading (mod_deflate).
# NOTE(review): text/html is compressed too. If pages carry secrets such as CSRF
# tokens next to reflected request data, review the compression side-channel
# exposure (BREACH) for those pages.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/x-javascript
</IfModule>

# Deny direct access to files with sensitive extensions:
# .htaccess, .htpasswd, .ini, .log, .sh, .sql
# NOTE(review): the pattern is case-sensitive and matches only these exact final
# extensions; backup or archive copies under other names are not covered — check
# that none are kept in the web root.
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|sql)$">
    Require all denied
</FilesMatch>

# Disable automatic directory listings, so a folder without an index file does not
# reveal its contents.
Options -Indexes

# Serve /404.php for "not found" responses.
ErrorDocument 404 /404.php