# Enable URL rewriting (mod_rewrite). Every RewriteRule in this file depends on this line.
RewriteEngine On

# Set the base directory: relative substitutions below are resolved against the site root.
RewriteBase /

# Redirect kategori/index.php to the main index.php (permanent, 301)
RewriteRule ^kategori/index\.php$ index.php [R=301,L]

# Redirect to SEO friendly URLs
#   kategori/<id>-<slug>.html -> category.php?id=<id>&slug=<slug>
#   urun/<id>-<slug>.html     -> product.php?id=<id>&slug=<slug>
# NOTE(review): the [0-9]+ / [a-zA-Z0-9\-]+ patterns are routing, not input validation.
# category.php and product.php remain directly requestable, and QSA appends the client's
# own query string after id/slug, so a request such as ...html?id=x reaches PHP with a
# duplicate "id" key (PHP keeps the last one). Both scripts must validate id and slug
# themselves and use parameterized queries.
RewriteRule ^kategori/([0-9]+)-([a-zA-Z0-9\-]+)\.html$ category.php?id=$1&slug=$2 [L,QSA]
RewriteRule ^urun/([0-9]+)-([a-zA-Z0-9\-]+)\.html$ product.php?id=$1&slug=$2 [L,QSA]

# Prevent directory listing: a directory without an index file returns 403 instead of
# an auto-generated file list (which would expose backups, uploads and similar files).
Options -Indexes

# Set default character set: text/plain and text/html responses that carry no charset
# are labelled UTF-8, so browsers do not have to guess the encoding.
AddDefaultCharset UTF-8

# Compress text-based responses when mod_deflate is loaded (skipped silently otherwise).
# NOTE(review): compressing HTML/JSON that mixes secrets (e.g. CSRF tokens) with
# request-influenced content over TLS is the precondition for compression side channels
# such as BREACH; confirm that dynamic pages mask or rotate such tokens per response.
<IfModule mod_deflate.c>
  # Markup and plain text
  AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
  # Scripts and JSON
  AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
</IfModule>

# Client-side cache lifetimes, applied only when mod_expires is loaded.
# Lifetimes are counted from the moment of the request ("access").
<IfModule mod_expires.c>
  ExpiresActive On

  # Stylesheets and scripts: one month
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresByType text/javascript "access plus 1 month"

  # Images and icons: one year
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"
</IfModule>

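# Security headers. They are emitted only when mod_headers is loaded; if the module is
# missing the whole block is skipped without any error, so verify the headers on a live
# response after deployment.
<IfModule mod_headers.c>
  # "always" also attaches the header to error responses generated by Apache (403/404/500),
  # which plain "Header set" does not cover.
  # NOTE(review): if the PHP application also sends one of these headers itself, the
  # response may carry it twice; confirm there is a single source for each header.

  # Stop browsers from MIME-sniffing a response into a different content type.
  Header always set X-Content-Type-Options "nosniff"

  # The legacy XSS auditor has been removed from current browsers and its filtering mode
  # was itself abusable in old ones; "0" switches it off and leaves XSS defence to the CSP.
  Header always set X-XSS-Protection "0"

  # Clickjacking defence for browsers that predate CSP frame-ancestors.
  Header always set X-Frame-Options "SAMEORIGIN"

  # Send only the origin, never the full URL, on cross-origin navigations.
  Header always set Referrer-Policy "strict-origin-when-cross-origin"

  # Content Security Policy.
  #  - base-uri and frame-ancestors do not fall back to default-src, so they are set
  #    explicitly; frame-ancestors 'self' mirrors X-Frame-Options SAMEORIGIN.
  #  - Each allowed CDN host is trusted to serve script to every visitor; pin the loaded
  #    files with Subresource Integrity and keep the host list as short as possible.
  #  - style-src 'unsafe-inline' and img-src https: are broad; tighten when the pages allow.
  #  - form-action is deliberately not set here: confirm where forms post (e.g. an external
  #    payment page) before restricting it.
  Header always set Content-Security-Policy "default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com; style-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self'; base-uri 'self'; frame-ancestors 'self'"
</IfModule>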

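# PHP settings.
# php_flag / php_value only work when PHP runs as an Apache module. The module identifier
# is mod_php7.c for PHP 7 and mod_php.c for PHP 8, so the same settings are given for both;
# only the block whose module is loaded takes effect.
# NOTE(review): under PHP-FPM or CGI neither block applies and all of these settings,
# including display_errors Off and the session cookie flags, are silently ignored.
# In that setup put them in php.ini, .user.ini or the pool configuration and check
# the effective values with ini_get().
<IfModule mod_php7.c>
  # Never show errors to visitors (they leak paths, queries and stack traces); log them.
  php_flag display_errors Off
  php_flag log_errors On
  # Placeholder: replace with an absolute path outside the document root that the
  # web server can write to but cannot serve.
  php_value error_log /path/to/error.log
  # Request size and runtime limits.
  php_value upload_max_filesize 2M
  php_value post_max_size 8M
  php_value max_execution_time 30
  php_value max_input_time 60
  php_value memory_limit 128M
  # Session cookie hardening: not readable from JavaScript, never accepted from the URL,
  # sent over HTTPS only (sessions will not persist on plain HTTP).
  # NOTE(review): consider session.use_strict_mode and session.cookie_samesite as well,
  # after confirming the application does not depend on the current behaviour.
  php_flag session.cookie_httponly On
  php_flag session.use_only_cookies On
  php_flag session.cookie_secure On
</IfModule>

# Same settings for PHP 8, where the Apache module is named mod_php.c.
<IfModule mod_php.c>
  php_flag display_errors Off
  php_flag log_errors On
  # Placeholder: replace with an absolute path outside the document root.
  php_value error_log /path/to/error.log
  php_value upload_max_filesize 2M
  php_value post_max_size 8M
  php_value max_execution_time 30
  php_value max_input_time 60
  php_value memory_limit 128M
  php_flag session.cookie_httponly On
  php_flag session.use_only_cookies On
  php_flag session.cookie_secure On
</IfModule>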

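# Prevent access to sensitive files.
# The pattern is anchored at the start of the file name only, so it also covers names
# that merely begin with an entry (.env.local, .gitattributes, composer.lock.bak, ...).
<FilesMatch "^(\.htaccess|\.htpasswd|\.git|\.env|\.gitignore|composer\.json|composer\.lock)">
  # Apache 2.4 authorization syntax.
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  # Apache 2.2 fallback. The two syntaxes are kept in separate branches because mixing
  # them in one context gives results that are hard to predict.
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</FilesMatch>

# FilesMatch tests only the final file name, so the rule above does not protect files
# inside a .git/ directory (.git/config, .git/HEAD, objects/...), which is enough to
# reconstruct the repository. Refuse any path with a .git segment. This relies on the
# RewriteEngine On directive at the top of this file.
# Preferably do not deploy .git, .env or composer files into the document root at all.
RewriteRule (^|/)\.git(/|$) - [F]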

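# Prevent PHP execution in uploads directory.
# <Directory> sections are not permitted in per-directory (.htaccess) files: Apache
# rejects the whole file and every request fails with a 500 error. In the main server
# configuration the argument is also a filesystem path, so "/uploads" would not refer to
# the uploads folder under the document root. The same restriction is therefore expressed
# as a rewrite rule, which is valid here and relies on the RewriteEngine On directive at
# the top of this file.
#  - NC: match .PHP / .Php as well.
#  - php[0-9]*, phtml and phar are included because they are commonly mapped to the PHP
#    handler too.
#  - (/|$): also refuse requests that add trailing path info after the script name.
# NOTE(review): this blocks requests by name only. A file whose name does not match but
# which the server still hands to PHP (depends on the handler configuration) is not
# covered. The stronger control is to disable the PHP handler for this directory in the
# virtual host, or to store uploads outside the document root and serve them through a
# script. A .htaccess inside uploads/ that enables its own rewrite rules would also
# bypass this rule unless inheritance is configured.
RewriteRule ^uploads/.*\.(php[0-9]*|phtml|phar)(/|$) - [F,NC]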