# ╔══════════════════════════════════════════════════════════════╗
# ║        .htaccess - Configuration Apache pour CEDREPS         ║
# ╚══════════════════════════════════════════════════════════════╝

# Autoriser l'accès au répertoire
Options +FollowSymLinks
Options -Indexes

# Permettre l'accès à tous
<RequireAll>
    Require all granted
</RequireAll>

# Index par défaut
DirectoryIndex index.html index.php login.html

# Désactiver le listing des fichiers
Options -Indexes

# Autoriser les fichiers HTML et PHP
<FilesMatch "\.(html|php|css|js|jpg|jpeg|png|gif|svg|ico|woff|woff2|ttf|eot)$">
    Require all granted
</FilesMatch>

# Protection contre le hotlinking
RewriteEngine On

# Redirection vers login.html si pas de fichier spécifié
RewriteRule ^$ login.html [L]

# Autoriser l'accès aux assets
<FilesMatch "\.(css|js|jpg|jpeg|png|gif|svg|ico|woff|woff2|ttf|eot|pdf|doc|docx)$">
    Header set Access-Control-Allow-Origin "*"
</FilesMatch>

# Types MIME corrects
AddType text/html .html
AddType application/x-httpd-php .php
AddType text/css .css
AddType application/javascript .js

# Cache pour les assets statiques
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

# Compression Gzip
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript application/javascript application/json
</IfModule>

# Protection des fichiers sensibles
<FilesMatch "^\.env|composer\.(json|lock)|package\.(json|lock)|\.git">
    Require all denied
</FilesMatch>

# Désactiver la signature du serveur
ServerSignature Off

# Protection XSS
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
</IfModule>

# En cas d'erreur 403
ErrorDocument 403 /app_v5/login.html
ErrorDocument 404 /app_v5/login.html