RewriteEngine On

# ==================================================
# XML MIME TYPE (REQUIRED FOR BING)
# ==================================================
AddType application/xml .xml

<Files "sitemap-pages.xml">
  Require all granted
</Files>

# ==================================================
# 1. SINGLE CANONICAL REDIRECT
# ==================================================
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.morenews\.org$ [NC]
RewriteRule ^ https://www.morenews.org%{REQUEST_URI} [R=301,L]

# ==================================================
# 2. REMOVE index.php
# ==================================================
RewriteCond %{THE_REQUEST} \s/+index\.php[\s?] [NC]
RewriteRule ^index\.php$ https://www.morenews.org/ [R=301,L]

# ==================================================
# 3. REMOVE SERVER PATH LEAKS
# ==================================================
RewriteCond %{REQUEST_URI} ^/home/morenews/public_html/(.*)$ [NC]
RewriteRule ^ https://www.morenews.org/%1 [R=301,L]

# ==================================================
# 3. CLEAN URLs (NO .php)
# ==================================================
# Skip sitemap
RewriteRule ^sitemap-pages\.xml$ - [L]

# Internal rewrite
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)$ $1.php [L]

# Redirect .php requests
RewriteCond %{THE_REQUEST} \s/+(.+)\.php[\s?] [NC]
RewriteRule ^ %1 [R=301,L]

# ==================================================
# 4. ERROR PAGES
# ==================================================
ErrorDocument 404 /404.php
ErrorDocument 403 /403.php
ErrorDocument 500 /500.php

# ==================================================
# 5. PERFORMANCE
# ==================================================
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType font/woff2 "access plus 1 year"
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
</IfModule>

<IfModule mod_headers.c>
  <FilesMatch "\.(css|js|woff2|png|jpg|jpeg|webp|svg)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>
</IfModule>

# Compression (NO XML)
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE \
    text/html text/css text/plain \
    application/javascript application/json \
    image/svg+xml font/woff2
</IfModule>

<IfModule mod_brotli.c>
  AddOutputFilterByType BROTLI \
    text/html text/css text/plain \
    application/javascript application/json \
    image/svg+xml font/woff2
</IfModule>

# Disable compression for XML (Bing safe)
<IfModule mod_deflate.c>
  SetEnvIfNoCase Request_URI \.xml$ no-gzip
</IfModule>

<IfModule mod_brotli.c>
  SetEnvIfNoCase Request_URI \.xml$ no-brotli
</IfModule>

# ==================================================
# 6. SECURITY
# ==================================================
<FilesMatch "\.(env|ini|log|sh|sql|bak|config)$">
  Require all denied
</FilesMatch>

<FilesMatch "^\.">
  Require all denied
</FilesMatch>
