RewriteEngine On

# Security - Prevent access to sensitive files
<FilesMatch "\.(env|json|config|database|md|gitignore|lock)$">
    Deny from all
</FilesMatch>

# Prevent directory listing
Options -Indexes

# Basic redirect (optional - comment out if causes issues)
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

# Remove .php extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L]

# Pretty URLs for articles
RewriteRule ^artikel/([0-9]+)/([a-zA-Z0-9-]+) index.php?page=article&id=$1 [L,QSA]

# Security headers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>