Options -MultiViews -Indexes
RewriteEngine On

# Segurança: bloqueia acesso a arquivos sensíveis
<FilesMatch "\.(env|log|json|lock|md|yml|yaml|sh)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Headers de segurança
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# Compressão gzip (economiza bandwidth)
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE application/json application/javascript text/css
</IfModule>

# Cache para assets estáticos
<FilesMatch "\.(ico|png|jpg|jpeg|gif|svg|woff2)$">
    Header set Cache-Control "max-age=2592000, public"
</FilesMatch>

# Redireciona tudo para index.php (Laravel front controller)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
