RewriteEngine On

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?izhak\.me [NC]
RewriteRule \.(jpg|jpeg|png|gif|webp)$ - [NC,F,L]

RewriteCond %{THE_REQUEST} \s/+(.*?/)?(?:index)?(.*?)\.html[\s?/] [NC]
RewriteRule ^ /%1%2 [R=302,L,NE]

RedirectMatch 301 ^/waitlist/?(.*)$ https://idsma.imators.com

RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.+?)/?$ $1.html [L]

RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [L]

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Options -Indexes

<IfModule mod_headers.c>
    <FilesMatch "\.(jpg|jpeg|png|gif|webp)$">
        Header set X-Content-Type-Options "nosniff"
        Header set X-Frame-Options "DENY"
    </FilesMatch>
    
    <FilesMatch "\.(html|htm|js|css)$">
        Header set Cache-Control "max-age=600, public"
    </FilesMatch>
    
    Header set Connection keep-alive
    Header append Vary Accept-Encoding
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    Header set Content-Security-Policy "default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' https:; frame-src 'none'; object-src 'none'; connect-src 'self' https:;"
    Header always unset X-Powered-By
    Header always unset Server
</IfModule>

ServerSignature Off

<FilesMatch "^\.">
    Require all denied
</FilesMatch>

<FilesMatch "^(?:composer\.json|composer\.lock|package\.json|package-lock\.json|\.gitignore|\.env|\.git|\.htaccess|\.htpasswd|README\.md|LICENSE|\.log|\.sql|\.zip|\.tar|\.gz|\.bak|\.config|\.ini|\.sh|\.swp)$">
    Require all denied
</FilesMatch>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType text/html "access plus 600 seconds"
    ExpiresByType font/woff2 "access plus 1 year"
</IfModule>

ErrorDocument 404 /404.shtml

<Files 403.shtml>
    Require all granted
</Files>

<IfModule mime_module>
    AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
