# Enable Sym Links for CMS folders
Options +FollowSymlinks

<IfModule mod_headers.c>
  # Framed page protection
  Header set X-Frame-Options SAMEORIGIN
  # XSS protection
  Header set X-XSS-Protection "1; mode=block"
  # MIME-Type sniffing protection
  Header always set X-Content-Type-Options "nosniff"
  # Cookie protection - Enable "secure" for HTTPS
  Header edit Set-Cookie ^(.*)$ $1;HttpOnly;#Secure
  # Enable HSTS to force use secure connections - Enable only if HTTPS is forced on both website sides
  #Header always set Strict-Transport-Security "max-age=300; includeSubDomains; preload"
</IfModule>

# Set up default expire value
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 month"
  ExpiresDefault "access plus 4 weeks"
  ExpiresDefault "access plus 30 days"
</IfModule>

# Rewrite engine
<IfModule mod_rewrite.c>
  RewriteEngine On
  # disable .inc view
  RewriteRule ^(.*)?\.inc$ / [L]

  # admin, request (.php files)
  RewriteCond %{REQUEST_FILENAME} -f
  RewriteRule ^([^\.]*).php$ $1.php?%{QUERY_STRING} [L]

  # CaMykS assets
  # RewriteRule ^cdata/(.*)$ request.php?CaMykSAsset=$1 [L,NS,QSA]
  # RewriteRule ^cplugin/(.*)$ request.php?PluginAsset=$1 [L,NS,QSA]

  # site page
  RewriteCond %{REQUEST_FILENAME} !-s

  # Legacy url rewriting
  RewriteRule ^([_0-9a-zA-Z/]*/)?([_0-9a-zA-Z]*)([-_0-9a-zA-Z+]*)?(\.[a-z]{2})?(\.[a-zA-Z0]*)?$ index.php?page=$2&params=$3&_clg_=$4&&ext=$5&%{QUERY_STRING} [L,NS]

  # Modern url rewriting
  #RewriteRule ^([0-9a-zA-Z\-_]+)(/?[-_0-9a-zA-Z\(\)+]*)?(\.[a-z]{2})?(\.[a-zA-Z0]*)?$ index.php?page=$1&params=$2&_clg_=$3&ext=$4&%{QUERY_STRING} [L,NS]

  # Modern url rewriting with language as leading folder
  # RewriteRule ^([a-z]{2})?/?([0-9a-zA-Z\-_]+)(/?[-_0-9a-zA-Z\(\)+]*)?(\.[a-zA-Z0]*)?$ index.php?page=$2&params=$3&_clg_=$1&ext=$4&%{QUERY_STRING} [L,NS]
</IfModule>
