# Admin Panel - Minimal Configuration
# Last Updated: 2025-12-19
# MINIMAL VERSION - Only blocks config files, allows everything else

RewriteEngine On
RewriteBase /adm/

# ========================================
# CLEAN URLs - Remove .php Extension
# ========================================

# Redirect .php to clean URLs
RewriteCond %{THE_REQUEST} \s/adm/(.+)\.php [NC]
RewriteRule ^ /adm/%1 [R=301,L]

# Serve .php for clean URLs
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^\.]+)$ $1.php [NC,L,QSA]

# ========================================
# MINIMAL PROTECTION - Only block config
# ========================================

# Block ONLY config files (nothing else)
<FilesMatch "^(config|database|konak|anti)\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# Block sensitive file extensions
<FilesMatch "\.(htaccess|htpasswd|ini|log|sql|env|bak)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# ========================================
# SECURITY HEADERS
# ========================================
<IfModule mod_headers.c>
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header unset X-Powered-By
</IfModule>

# ========================================
# PERFORMANCE
# ========================================
Options -Indexes

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json
</IfModule>

ErrorDocument 403 /adm/error
ErrorDocument 404 /adm/error
