RewriteEngine On

# =========================
# 0) Canonical scheme: force HTTPS (proxy / Cloudflare aware)
# =========================
# The two conditions are ANDed: the redirect fires only when this hop is not
# TLS and the X-Forwarded-Proto request header does not contain "https".
# NOTE(review): X-Forwarded-Proto is an ordinary request header. It is only
# trustworthy when every request reaches this server through the proxy. If the
# origin is also reachable directly, a client can supply the header itself and
# a plain-HTTP request is then served without the redirect. Confirm that the
# origin accepts traffic from the proxy only.
# NOTE(review): the Location value is built from the request's Host header;
# presumably the virtual host answers only for known host names. Verify.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# =========================
# 1) Canonical host: strip the leading "www."
# =========================
# %1 is the part of the Host header captured after "www." by the condition.
# The permanent redirect always targets https:// on that bare host name and
# keeps the original path.
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

# =========================
# 2) Retire the old section (/НоваяПапка/) and its percent-encoded path
# =========================
# Any URL at or below that folder is answered with 410 Gone ([G]); the
# ErrorDocument line supplies the plain-text body for that status.
# NOTE(review): mod_rewrite normally tests REQUEST_URI after percent-decoding,
# so the encoded alternative is probably reached only by a double-encoded
# request. Verify on the target server.
# NOTE(review): [NC] case folding of the Cyrillic name depends on how the
# regex engine treats non-ASCII bytes; do not rely on it without testing.
RewriteCond %{REQUEST_URI} ^/(?:НоваяПапка|%D0%9D%D0%BE%D0%B2%D0%B0%D1%8F%D0%9F%D0%B0%D0%BF%D0%BA%D0%B0)(?:/|$) [NC]
RewriteRule ^ - [G,L]

ErrorDocument 410 "Gone"

# =========================
# 3) Canonicalise .../index.php -> .../
# Applies only to a direct external request
# =========================
# THE_REQUEST is the request line exactly as the client sent it and is not
# changed by internal rewrites, so a request that is only mapped to index.php
# internally does not trigger this redirect.
# $1 is the optional directory prefix captured by the rule pattern.
RewriteCond %{THE_REQUEST} \s/+(.*/)?index\.php(?:[?\s]|$) [NC]
RewriteRule ^(.*/)?index\.php$ /$1 [R=301,L]

# =========================
# 4) Canonicalise /sitemap.xml.php -> /sitemap.xml
# =========================
# The THE_REQUEST guard limits the redirect to clients that asked for
# sitemap.xml.php themselves. Section 6 rewrites sitemap.xml to
# sitemap.xml.php internally, and without the guard that internally rewritten
# request would be redirected again.
RewriteCond %{THE_REQUEST} \s/+sitemap\.xml\.php(?:[?\s]|$) [NC]
RewriteRule ^sitemap\.xml\.php$ /sitemap.xml [R=301,L]

# =========================
# 5) Disable automatic directory listings
# =========================
# Without Indexes, a directory that has no index file returns an error instead
# of an auto-generated file list.
# NOTE(review): assuming this is a per-directory (.htaccess) file, the server
# configuration must permit Options through AllowOverride. Confirm on the host.
Options -Indexes

# =========================
# 6) Serve /sitemap.xml from sitemap.xml.php
# =========================
# Internal rewrite (no R flag): the client keeps seeing /sitemap.xml while the
# PHP script produces the response.
RewriteRule ^sitemap\.xml$ sitemap.xml.php [L]

# =========================
# 7) Security response headers
# =========================
# "always" attaches each header to error and redirect responses as well as
# successful ones. The IfModule wrapper means the headers are silently absent
# when mod_headers is not loaded.
# NOTE(review): this file sets no Strict-Transport-Security and no
# Content-Security-Policy. Confirm whether they are configured elsewhere
# (virtual host or proxy) before relying on this block alone.
<IfModule mod_headers.c>
  # Stop browsers from MIME-sniffing a response away from its declared type.
  Header always set X-Content-Type-Options "nosniff"
  # Allow framing by same-origin pages only (clickjacking defence).
  Header always set X-Frame-Options "SAMEORIGIN"
  # Cross-origin requests receive only the origin; nothing is sent on an
  # HTTPS -> HTTP downgrade.
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# =========================
# 8) Static asset caching
# =========================
# Expiry is counted from the time of the request ("access"). Only the MIME
# types listed here receive an expiry from this block; no ExpiresDefault is
# set, so other types such as HTML are left untouched.
<IfModule mod_expires.c>
  ExpiresActive On

  # Web fonts: 180 days
  ExpiresByType font/woff2 "access plus 180 days"

  # Stylesheets and scripts: 30 days
  ExpiresByType text/css "access plus 30 days"
  ExpiresByType text/javascript "access plus 30 days"
  ExpiresByType application/javascript "access plus 30 days"

  # Images: 30 days
  ExpiresByType image/svg+xml "access plus 30 days"
  ExpiresByType image/webp "access plus 30 days"
  ExpiresByType image/png "access plus 30 days"
  ExpiresByType image/jpeg "access plus 30 days"
  ExpiresByType image/gif "access plus 30 days"
</IfModule>

# =========================
# 9) Compression (gzip)
# =========================
# The DEFLATE output filter is attached per MIME type; already-compressed
# formats (JPEG, PNG, archives) are deliberately not listed.
# NOTE(review): text/html and application/json are compressed. Where such
# responses carry secrets next to request-controlled content over TLS,
# compression-length side channels (BREACH class) apply. Confirm whether any
# dynamic endpoint needs to be excluded.
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain
  AddOutputFilterByType DEFLATE text/css application/javascript
  AddOutputFilterByType DEFLATE application/json image/svg+xml
</IfModule>

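# =========================
# 10) Protect /includes
# =========================
# Every URL under includes/ is answered with 403 Forbidden. [NC] makes the
# match case-insensitive, so a differently-cased spelling of the directory
# (which resolves to the same folder on a case-insensitive filesystem) is
# refused as well.
# NOTE(review): a .htaccess inside includes/ that enables its own rewrite
# rules would replace the rules inherited from this file for that directory.
# Confirm that none exists.
RewriteRule ^includes/ - [F,NC,L]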

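# =========================
# 11) Protect /blocks
# =========================
# Every URL under blocks/ is answered with 403 Forbidden. [NC] makes the
# match case-insensitive, so a differently-cased spelling of the directory
# (which resolves to the same folder on a case-insensitive filesystem) is
# refused as well.
# NOTE(review): a .htaccess inside blocks/ that enables its own rewrite
# rules would replace the rules inherited from this file for that directory.
# Confirm that none exists.
RewriteRule ^blocks/ - [F,NC,L]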

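# =========================
# 12) Deny system files and archives
# =========================
# Refuses configuration files, logs, SQL dumps, editor/backup leftovers,
# dependency manifests and archives by file name. (?i) makes the match
# case-insensitive, so an upper-case spelling of an extension (for example
# DUMP.SQL or SITE.ZIP) is refused like the lower-case one.
# "Require all denied" is Apache 2.4 authorization syntax.
# NOTE(review): dotfiles and VCS directories (for example .env or .git) and
# editor backups ending in "~" are not covered by this pattern. Check whether
# the document root can contain any.
<FilesMatch "(?i)(\.ini|\.log|\.sql|\.bak|\.swp|\.dist|composer\.(json|lock)|package\.json|package-lock\.json|\.zip|\.rar|\.7z|\.tar|\.gz)$">
  Require all denied
</FilesMatch>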