Options -MultiViews
RewriteEngine On

RewriteRule ^index\.php$ - [L]

# ------------------------------------------------------------------------------
# Honeypot - Intercepts WordPress probe URLs before the main catch-all
# ------------------------------------------------------------------------------
RewriteCond %{REQUEST_URI} ^/(wp-login\.php|wp-admin|wp-config\.php|xmlrpc\.php|wp-includes|wp-content|wp-json|wp-cron\.php|wp-signup\.php|wp-activate\.php|wp-trackback\.php|\.env|\.git|phpmyadmin|pma|adminer|myadmin|mysqladmin)(/|$|\?) [NC]
RewriteRule ^ honeypot.php [L,QSA]

# Honeypot - Generic PHP file probes (webshell checks, uploaded backdoors)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(?!(index|honeypot)\.php)[^/]+\.php$ honeypot.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L,QSA]

# ------------------------------------------------------------------------------
# Compression
# ------------------------------------------------------------------------------
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json image/svg+xml
</IfModule>

# ------------------------------------------------------------------------------
# Cache
# ------------------------------------------------------------------------------
<IfModule mod_expires.c>
    ExpiresActive On

    # CSS et JS : 1 an (URLs versionnées via anticache)
    ExpiresByType text/css                  "access plus 1 year"
    ExpiresByType application/javascript    "access plus 1 year"
    ExpiresByType text/javascript           "access plus 1 year"

    # Images : 30 jours
    ExpiresByType image/jpeg                "access plus 30 days"
    ExpiresByType image/png                 "access plus 30 days"
    ExpiresByType image/gif                 "access plus 30 days"
    ExpiresByType image/webp                "access plus 30 days"
    ExpiresByType image/avif                "access plus 30 days"
    ExpiresByType image/svg+xml             "access plus 30 days"
    ExpiresByType image/x-icon              "access plus 30 days"

    # Webfonts : 1 an
    ExpiresByType font/woff                 "access plus 1 year"
    ExpiresByType font/woff2                "access plus 1 year"
    ExpiresByType application/font-woff     "access plus 1 year"
    ExpiresByType application/font-woff2    "access plus 1 year"

    # HTML et données : pas de cache
    ExpiresByType text/html                 "access plus 0 seconds"
</IfModule>

<IfModule mod_headers.c>
    # Empêche le cache sur les pages HTML
    <FilesMatch "\.(html|twig)$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
    </FilesMatch>

    # Cache long terme pour les fonts (immutables)
    <FilesMatch "\.(woff2|woff|ttf|otf|eot)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>
</IfModule>