# Configuración Apache para Sistema de Agua Mineral
# Compatible con cPanel y hosting compartido

# Enable URL rewriting (mod_rewrite). The directive is not wrapped in
# <IfModule>, so the file fails to load if mod_rewrite is not available.
RewriteEngine On

# Redirect HTTP to HTTPS (optional, uncomment when TLS is configured).
# NOTE(review): while this stays commented out, nothing in this file stops
# pages from being served over plain HTTP - confirm that HTTPS is enforced
# elsewhere before the site handles logins or customer data.
# NOTE(review): %{HTTP_HOST} comes from the request's Host header, so the
# redirect target follows whatever host name the client sent; a fixed
# canonical host name is the more predictable choice.
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Redirect www to non-www (optional).
# RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

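# Protect configuration files.
# <Files> is matched against the file name only (the last path component),
# never against a path, so patterns such as "config/*" or
# "includes/Database.php" match nothing and leave the files reachable.
# The rules below match the request path relative to this directory instead.
# They are deliberately not wrapped in <IfModule>: a missing mod_rewrite
# should fail loudly rather than silently drop the protection.
# NOTE(review): a sub-directory .htaccess that configures its own rewrite
# rules does not inherit these by default; a deny-all .htaccess inside
# config/ (or keeping config/ outside the document root) is the more robust
# arrangement - confirm what the hosting layout allows.
RewriteEngine On
RewriteRule ^config(/|$) - [F,NC]
RewriteRule ^includes/Database\.php(/|$) - [F,NC]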

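# Deny HTTP access to SQL dumps, log files and .env-style files.
# These are matched on the file name, so they apply in every sub-directory.
# "Order"/"Deny" is Apache 2.2 syntax and only loads on 2.4 when
# mod_access_compat is present; otherwise every request fails with a 500.
# Each section therefore uses "Require" when mod_authz_core exists and falls
# back to the legacy directives only on older servers.
<FilesMatch "\.(sql|log)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

<Files ".env*">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</Files>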

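# Hide version-control metadata (.git, .svn) at any depth.
# <DirectoryMatch> is not permitted in a per-directory (.htaccess) file and
# makes the server reject the whole file with a 500 error. RedirectMatch is
# allowed in both contexts and matches the URL path; answering 404 also
# avoids confirming that the directory exists.
# Left outside <IfModule> on purpose so a missing mod_alias is noticed
# instead of silently exposing the repository data.
RedirectMatch 404 "/\.(git|svn)(/|$)"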

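# MIME types for static assets.
# Correct types matter here because this file also sends
# "X-Content-Type-Options: nosniff", which makes browsers refuse scripts and
# stylesheets served with a mismatching type.
# Web fonts use the registered font/* types; application/font-woff2 was
# never a registered media type.
<IfModule mod_mime.c>
    AddType application/javascript .js
    AddType text/css .css
    AddType image/svg+xml .svg
    AddType font/woff .woff
    AddType font/woff2 .woff2
</IfModule>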

# Enable GZIP compression (mod_deflate) for text-based response types.
# NOTE(review): text/html and application/json cover the dynamic PHP output
# too. Compressing TLS responses that contain both a secret (for example a
# CSRF token) and data reflected from the request is the precondition for
# BREACH-style compression side channels - confirm whether any page does
# that before relying on blanket compression.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/json
</IfModule>

# Cache lifetimes for static files (mod_expires).
# NOTE(review): ExpiresDefault applies to every type not listed here,
# including the HTML produced by PHP pages. The no-store headers for *.php
# are only set inside the mod_headers section of this file, so on a server
# without mod_headers dynamic (possibly per-user) pages would be marked
# cacheable for 2 days - confirm mod_headers is loaded or narrow the default.
<IfModule mod_expires.c>
    ExpiresActive On
    # image/jpg is not a registered media type; JPEG files are normally
    # served as image/jpeg, so only the next line is expected to take effect.
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresDefault "access plus 2 days"
</IfModule>

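# Response headers: caching policy and browser-side hardening (mod_headers).
<IfModule mod_headers.c>
    # Static assets: cacheable by browsers and shared caches for 30 days.
    # NOTE(review): "pdf" is included and marked "public"; if the application
    # serves customer-specific PDFs from disk, confirm that shared caches are
    # allowed to keep them.
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>

    # PHP output is dynamic and may be per-user: keep it out of every cache.
    <FilesMatch "\.(php)$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires 0
    </FilesMatch>

    # Hardening headers, sent on error responses as well ("always").
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options SAMEORIGIN
    # The legacy browser XSS filter is deprecated, and "1; mode=block" could
    # itself be abused in the browsers that implemented it; "0" switches it
    # off explicitly. Script-injection defence belongs in output encoding and
    # a Content-Security-Policy.
    Header always set X-XSS-Protection "0"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # NOTE(review): no Content-Security-Policy or Strict-Transport-Security
    # header is set in this file; both depend on the application and on TLS
    # being enforced, so confirm where (or whether) they are configured.
</IfModule>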

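# Block direct HTTP requests for PHP files under includes/.
# <Directory> is not permitted in a per-directory (.htaccess) file and makes
# the server reject the whole file with a 500 error; the relative path
# "includes" would not match a filesystem directory in server context either.
# This rule matches the request path relative to this directory. It only
# affects HTTP requests: PHP include/require read from disk and keep working.
# Not wrapped in <IfModule> so that a missing mod_rewrite fails loudly
# instead of leaving the library code directly requestable.
# NOTE(review): a deny-all .htaccess placed inside includes/ is an
# alternative that does not depend on rewrite-rule inheritance.
RewriteEngine On
RewriteRule ^includes/.*\.php(/|$) - [F,NC]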

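# Explicitly allow requests for install.php.
# NOTE(review): an installer that stays reachable after setup lets any
# visitor attempt to re-run it against the live system. Remove install.php,
# or change this section to deny access, as soon as installation is
# complete - confirm whether the script locks itself after the first run.
# "Require" is used on Apache 2.4; the legacy directives remain only as a
# fallback for servers without mod_authz_core.
<Files "install.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</Files>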

# Configurar páginas de error personalizadas (opcional)
# ErrorDocument 404 /error404.php
# ErrorDocument 500 /error500.php

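# PHP limits (only honoured when PHP runs as an Apache module).
# Under PHP-FPM, CGI or suPHP handlers - common on cPanel - neither section
# matches and these values must be set through .user.ini or the hosting
# panel's PHP settings instead.
# NOTE(review): a 300 s execution time and 3000 input variables are generous
# for a public-facing site and widen the room for resource-exhaustion
# requests; confirm the application needs values this high.

# PHP 7
<IfModule mod_php7.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value memory_limit 128M
    php_value max_execution_time 300
    php_value max_input_vars 3000
</IfModule>

# PHP 8: the Apache module was renamed to php_module (source file
# mod_php.c), so a test for "mod_php8.c" never matches.
<IfModule mod_php.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value memory_limit 128M
    php_value max_execution_time 300
    php_value max_input_vars 3000
</IfModule>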

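# Deny HTTP access to backup and temporary copies. A copy such as
# "config.php.bak" is not executed by PHP and would otherwise be sent to the
# client as plain source code.
# "Require" is used on Apache 2.4; the legacy directives remain only as a
# fallback for servers without mod_authz_core.
<FilesMatch "\.(bak|backup|old|tmp)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>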

# Prevenir hotlinking de imágenes (opcional)
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?tudominio.com [NC]
# RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

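# Directory options.
# -Indexes: never generate a listing for a directory without an index file.
# +SymLinksIfOwnerMatch: follow a symbolic link only when the link and its
# target have the same owner. On shared hosting, plain FollowSymLinks lets a
# link inside the web root expose files that belong to other accounts, and
# many shared hosts reject that option in .htaccess altogether. mod_rewrite
# accepts either option.
Options -Indexes +SymLinksIfOwnerMatch

# Default character encoding declared for text responses.
AddDefaultCharset UTF-8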
