# ==========================================================
# mwtech.live - httpdocs/.htaccess (Plain PHP + /portal/index.php)
# ==========================================================

Options -Indexes

# ----------------------------------------------------------
# 1) Block common bot probes early (but keep /portal working)
# ----------------------------------------------------------
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Block Perl probing (this causes the AH01797 logs)
    RewriteRule \.pl$ - [F,L]

    # Block CGI bin scans
    RewriteRule ^cgi-bin - [F,L]

    # Block WordPress/xmlrpc scans (if you are NOT running WordPress)
    RewriteRule ^wp-admin - [F,L]
    RewriteRule ^wp-login\.php$ - [F,L]
    RewriteRule ^xmlrpc\.php$ - [F,L]

    # IMPORTANT: Do NOT block /portal (you use it)
    # /portal/index.php will work normally.
</IfModule>

# ----------------------------------------------------------
# 2) Block direct access to script extensions you don't use
#    (Do NOT block .php)
# ----------------------------------------------------------
<FilesMatch "\.(pl|py|pyc|pyo|jsp|asp|shtml|phtml|sh)$">
    Require all denied
</FilesMatch>

# Protect hidden files (e.g. .env, .git, etc.)
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Optional: block common backup/dump/log files if accidentally uploaded
<FilesMatch "\.(bak|old|orig|save|swp|sql|log)$">
    Require all denied
</FilesMatch>


# ----------------------------------------------------------
# 3) (Optional) Force HTTPS - enable if you want
# ----------------------------------------------------------
# <IfModule mod_rewrite.c>
#     RewriteEngine On
#     RewriteCond %{HTTPS} !=on
#     RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# </IfModule>


# ----------------------------------------------------------
# 4) Browser caching (your expires rules)
# ----------------------------------------------------------
<IfModule mod_expires.c>
  ExpiresActive On

  # Images
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"

  # Video
  ExpiresByType video/webm "access plus 1 year"
  ExpiresByType video/mp4 "access plus 1 year"
  ExpiresByType video/mpeg "access plus 1 year"

  # Fonts
  ExpiresByType font/ttf "access plus 1 year"
  ExpiresByType font/otf "access plus 1 year"
  ExpiresByType font/woff "access plus 1 year"
  ExpiresByType font/woff2 "access plus 1 year"
  ExpiresByType application/font-woff "access plus 1 year"
  ExpiresByType application/font-woff2 "access plus 1 year"

  # CSS, JavaScript
  ExpiresByType text/css "access plus 1 year"
  ExpiresByType text/javascript "access plus 1 year"
  ExpiresByType application/javascript "access plus 1 year"

  # Others
  ExpiresByType application/pdf "access plus 1 year"
  ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
</IfModule>