RewriteEngine On
DirectoryIndex index.php

<IfModule mod_headers.c>
  SetEnvIf Origin "https://andweare\.com$" CORS_ALLOW_ORIGIN=$0
  Header set Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
  Header set Access-Control-Allow-Credentials "true" env=CORS_ALLOW_ORIGIN
  Header set Access-Control-Allow-Methods "GET, POST, OPTIONS" env=CORS_ALLOW_ORIGIN
  Header set Access-Control-Allow-Headers "Content-Type, Authorization" env=CORS_ALLOW_ORIGIN
</IfModule>

<Files "*.png">
    Require all granted
</Files>

RewriteCond %{REQUEST_URI} ^/$ [OR]
RewriteCond %{REQUEST_URI} ^/?index\.php$
RewriteRule ^ /login.php [L]

RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ $1.php [L]

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_REFERER} ^https?://imators\.com/fr [NC]
RewriteCond %{REQUEST_URI} !^/fr [NC]
RewriteRule ^(.*)$ /fr [L,R=301]

Options -Indexes

<FilesMatch "^(\.|wp-config\.php|php\.ini|\.htaccess|\.git)">
    Require all denied
</FilesMatch>

<FilesMatch "sess_.*">
    Require all granted
</FilesMatch>

<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header set Content-Security-Policy "default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';"
    Header always unset X-Powered-By
    Header always unset Server
</IfModule>

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?(imators\.com) [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [NC,F]

ServerSignature Off

RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC]
RewriteRule .* - [F,L]

RewriteCond %{HTTP:X-Requested-With} XMLHttpRequest
RewriteRule ^(.+)$ $1.php [L,QSA]

<LimitExcept GET POST HEAD>
    Require all denied
</LimitExcept>

<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist|git|env|env\.|composer\.|package\.)|~|\.env|composer\.json|package\.json)$">
    Require all denied
</FilesMatch>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/json
</IfModule>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType font/woff2 "access plus 1 year"
</IfModule>

<IfModule mime_module>
    AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
