# Kayak Firmaları Platformu .htaccess

# PHP ayarları
php_value upload_max_filesize 10M
php_value post_max_size 10M
php_value max_execution_time 300
php_value max_input_time 300

# Hata raporlama (production'da kapatılmalı)
# php_flag display_errors Off
# php_flag log_errors On

# HTTPS Yönlendirmesi (SSL aktifse)
<IfModule mod_rewrite.c>
    Options -MultiViews
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

# SEO Friendly URL'ler
RewriteEngine On
# RewriteBase otomatik algılanacak, manuel ayarlamaya gerek yok

# Kategori sayfaları: domainname.com/erciyes-kayak-merkezi
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-z0-9-]+)$ category.php?slug=$1 [L,QSA]

# Blog detay sayfası
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^blog/([a-z0-9-]+)$ blog-detail.php?slug=$1 [L,QSA]

# Firma detay sayfası
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^firma/([^/]+)/?$ company-detail.php?slug=$1 [L,QSA]

# Hizmet detay sayfası
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^hizmet/([0-9]+)$ service-detail.php?id=$1 [L,QSA]

# Sayfa detay sayfası
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^page/([a-z0-9-]+)$ page.php?slug=$1 [L,QSA]

# Güvenlik: Config ve includes klasörlerine erişimi engelle
<FilesMatch "^(config|includes)">
    Order allow,deny
    Deny from all
</FilesMatch>

# Güvenlik: .sql dosyalarına erişimi engelle
<FilesMatch "\.sql$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Güvenlik: .env dosyalarına erişimi engelle
<FilesMatch "\.env$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Gzip sıkıştırma
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>

# Cache kontrolü
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

# Güvenlik Headers
<IfModule mod_headers.c>
    # XSS Protection
    Header set X-XSS-Protection "1; mode=block"
    # Clickjacking Protection
    Header always append X-Frame-Options SAMEORIGIN
    # Content Type Options
    Header set X-Content-Type-Options "nosniff"
    # Referrer Policy
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
