# Disable Directory Listing globally to prevent exposed folders
Options -Indexes

# Custom Error Pages
ErrorDocument 404 /multi3/404.php

# Protect sensitive server and backup files from web access
<FilesMatch "\.(sql|bak|old|zip|tar|gz|log|env)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# --- Clean URL Internal Routing ---
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Ensure directory root domains hit index.php correctly (e.g. /admin -> /admin/index.php)
    DirectoryIndex index.php index.html
    
    # Check 1: If requested URI is NOT an existing directory
    RewriteCond %{REQUEST_FILENAME} !-d
    # Check 2: If requested URI is NOT an existing file (like css, js, images)
    RewriteCond %{REQUEST_FILENAME} !-f
    # Check 3: If appending .php to the requested URI matches an existing PHP file
    RewriteCond %{REQUEST_FILENAME}.php -f
    # Action: Internally rewrite the extensionless URL to its .php counterpart seamlessly
    RewriteRule ^(.*)$ $1.php [L]
</IfModule>
