# Security hardening and canonical-host redirect configuration

# Disable automatic directory listings (-Indexes) and content-negotiated
# file name guessing (-MultiViews).
Options -Indexes -MultiViews

# Remove the server signature footer from server-generated pages (error pages, listings).
# NOTE(review): this does not change the "Server" response header; that is
# governed by ServerTokens, which can only be set in the main server config.
ServerSignature Off

# Enable the rewrite engine; every RewriteCond/RewriteRule below depends on it.
RewriteEngine On

# Reject the TRACE, TRACK and OPTIONS request methods with 403 Forbidden.
# This is HTTP method filtering (it limits cross-site tracing style probing);
# it does not address file inclusion/injection.
# NOTE(review): refusing OPTIONS also refuses CORS preflight requests — confirm
# that no cross-origin client needs them.
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS)
    RewriteRule .* - [F]
</IfModule>

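# Deny direct HTTP access to log and configuration files: error_log, php.ini,
# and dotfiles whose names start with .hta or .htp (e.g. .htaccess, .htpasswd).
# The dot in "php\.ini" is escaped so that only that literal file name matches.
<FilesMatch "^(error_log|php\.ini|\.[hH][tT][aApP].*)$">
    # Apache 2.4+: native authorization syntax. Using it avoids a dependency on
    # mod_access_compat; without that module the legacy Order/Deny directives
    # are unknown and every request to this directory fails with a 500.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: legacy access-control syntax.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>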

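# Deny direct HTTP access to sensitive application/configuration files:
# wp-config.php (application secrets), .htaccess and .user.ini.
<FilesMatch "^(wp-config\.php|\.htaccess|\.user\.ini)$">
    # Apache 2.4+: native authorization syntax (no mod_access_compat needed).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback: legacy access-control syntax.
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>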

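# Hotlink protection: refuse (403) image requests whose Referer names a site
# other than imators.com or one of its subdomains. Requests with an empty
# Referer are allowed, since many clients and privacy settings omit it.
# The Referer header is supplied by the client, so this is a bandwidth/courtesy
# control only and must not be relied on as access control.
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^$
    # The host part is limited to hostname characters and must end at a port,
    # a slash or the end of the string, so a referrer whose host merely starts
    # with or contains "imators.com" is not treated as this site.
    RewriteCond %{HTTP_REFERER} !^https?://([a-z0-9-]+\.)*imators\.com(:[0-9]+)?(/|$) [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
</IfModule>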

# Security response headers
# NOTE(review): some headers below use "Header set" and others "Header always set".
# Plain "set" is applied to successful responses only, so error responses and
# redirects generated by the server may go out without those headers — confirm
# whether that difference is intended.
<IfModule mod_headers.c>
    # Content Security Policy: resources default to same-origin; images and fonts
    # may also come from data: URIs and any https: origin; framing is forbidden
    # and forms may only post back to this origin.
    # NOTE(review): script-src includes 'unsafe-inline' and 'unsafe-eval', which
    # permit inline scripts and eval(); as written the policy gives little
    # protection against injected script. Nonces or hashes would be needed to
    # make it strict.
    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self'; frame-ancestors 'none'; form-action 'self';"
    
    # Forbid framing of the site (clickjacking defence). Overlaps with the CSP
    # frame-ancestors 'none' directive above; kept for clients that only
    # understand X-Frame-Options.
    Header always set X-Frame-Options "DENY"
    
    # Legacy browser XSS-filter header.
    # NOTE(review): current browsers have removed or ignore this filter, so it
    # should not be counted as an XSS defence.
    Header set X-XSS-Protection "1; mode=block"
    
    # Stop browsers from MIME-sniffing a response away from its declared Content-Type.
    Header set X-Content-Type-Options "nosniff"
    
    # Referrer policy: full URL to same-origin requests, origin only to
    # cross-origin requests, nothing on an HTTPS-to-HTTP downgrade.
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    
    # HSTS (HTTP Strict Transport Security): browsers must use HTTPS for this
    # host and all subdomains for one year (31536000 seconds).
    # NOTE(review): includeSubDomains plus preload commits every subdomain to
    # HTTPS and is slow to undo once a domain is on a preload list — confirm all
    # subdomains serve valid TLS.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

# Request filtering: reject (403) requests matching simple patterns.
# This is a coarse blocklist; it does not replace input validation and output
# encoding in the application.
<IfModule mod_rewrite.c>
    # Reject POST requests whose content length is 0.
    # NOTE(review): CONTENT_LENGTH is not among the server variables listed in the
    # mod_rewrite documentation; the documented way to read a request header is
    # %{HTTP:Content-Length}. Verify that this condition can ever match.
    RewriteCond %{REQUEST_METHOD} ^POST$
    RewriteCond %{CONTENT_LENGTH} ^0$
    RewriteRule .* - [F]

    # Reject requests whose URI path is 255 characters or longer.
    # REQUEST_URI does not include the query string, so query length is not limited here.
    RewriteCond %{REQUEST_URI} ^.{255,}$ 
    RewriteRule .* - [F]

    # Reject requests whose raw request line contains a backslash, angle brackets
    # or curly braces, the text "<script", or the percent-encoded forms of
    # < > { } (%3C %3E %7B %7D). THE_REQUEST is the request line as sent by the
    # client, before URL-decoding, which is why both forms are listed.
    # NOTE(review): legitimate URLs that carry JSON or templating characters in
    # the query string will also be refused.
    RewriteCond %{THE_REQUEST} ^.*(\\|<|>|{|}).* [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(\<script).* [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(%3C|%3E|%7B|%7D).* [NC]
    RewriteRule .* - [F]
</IfModule>

# Query-string filtering: reject (403) requests whose query string contains a
# <script ...> tag (literal or percent-encoded brackets) or tries to set the
# PHP superglobals GLOBALS / _REQUEST.
# These patterns target script injection and PHP variable tampering; none of
# them matches SQL syntax, so this block is not a SQL injection defence.
# SQL injection has to be handled in the application with parameterized queries.
<IfModule mod_rewrite.c>
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # NOTE(review): [F] forces a 403, so the "index.php" target is presumably
    # never used; "-" is the conventional substitution for a forbidden rule.
    RewriteRule ^(.*)$ index.php [F,L]
</IfModule>

# Compression: DEFLATE-compress text, HTML, XML, CSS and JavaScript responses.
# NOTE(review): compressing HTTPS responses that contain both secrets (e.g. CSRF
# tokens) and request-reflected data is the precondition for compression
# side-channel attacks such as BREACH — confirm whether dynamic HTML pages here
# fall into that category.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css text/javascript application/javascript application/x-javascript application/xml
</IfModule>

# Browser caching: images, CSS and JavaScript expire one month after access.
# NOTE(review): with a one-month lifetime, a corrected script or stylesheet only
# reaches returning visitors promptly if its URL changes (versioned file names).
# NOTE(review): "image/jpg" is not a registered MIME type (JPEG is image/jpeg);
# that line is likely inert.
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

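# Canonical redirect: any request that is not already HTTPS on imators.com is
# sent to https://imators.com/<same path> with a permanent (301) redirect.
# The %{HTTPS} condition upgrades plain-HTTP requests for imators.com itself;
# without it such requests are served over HTTP, where browsers ignore the
# Strict-Transport-Security header.
# Requests for any other host name, subdomains included, are redirected to the apex domain.
# NOTE(review): if TLS is terminated upstream (proxy, CDN, load balancer),
# %{HTTPS} may read "off" for every request here and this rule would loop —
# confirm the deployment before applying.
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^imators\.com$ [NC]
RewriteRule ^(.*)$ https://imators.com/$1 [R=301,L]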

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
