# Improved security and performance settings
Options -Indexes
ServerSignature Off

# PHP handling
AddType application/x-httpd-php .php
AddHandler x-httpd-php .php

# Prevent access to sensitive files
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

<FilesMatch "^(composer\.json|composer\.lock|package\.json|package-lock\.json|README\.md)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# URL rewriting
RewriteEngine On

# Redirect m3u8 files to video.php
RewriteRule ^.*\.(?:m3u8)$ video.php?access=$0 [NC,L,QSA]

# Security headers
<IfModule mod_headers.c>
    # Protect against XSS attacks
    Header set X-XSS-Protection "1; mode=block"
    
    # Prevent MIME-type sniffing
    Header set X-Content-Type-Options "nosniff"
    
    # Clickjacking protection
    Header set X-Frame-Options "SAMEORIGIN"
    
    # Enable HSTS (HTTP Strict Transport Security)
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
</IfModule>

# Enable compression for better performance
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json
</IfModule>

# Set caching headers for static assets
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>