# ArcaneNeko Website - .htaccess Configuration
# Apache server configuration rules
# Enable Rewrite Engine
RewriteEngine On
RewriteBase /
# ============================================
# Remove .html extension from URLs
# ============================================
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI}.html -f
RewriteRule ^(.*)$ $1.html [L]
# ============================================
# SECURITY & BASIC PROTECTION
# ============================================
# Block access to hidden files (dotfiles)
Require all denied
# Block access to config and environment files
Require all denied
# ============================================
# CUSTOM ERROR PAGES
# ============================================
ErrorDocument 400 /400
ErrorDocument 403 /403
ErrorDocument 404 /404
ErrorDocument 500 /500
ErrorDocument 502 /502
ErrorDocument 503 /503
# ============================================
# CACHE CONTROL & PERFORMANCE
# ============================================
# Static assets caching - 1 year
Header set Cache-Control "max-age=31536000, public"
# HTML documents - no cache
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "0"
# ============================================
# BROWSER CACHING & COMPRESSION
# ============================================
# Enable Gzip compression (mod_deflate)
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/x-javascript application/json application/rss+xml font/ttf font/otf
# ============================================
# MIME TYPES & FONT ACCESS
# ============================================
# Allow CORS for web fonts
Header set Access-Control-Allow-Origin "*"
# ============================================
# SECURITY HEADERS
# ============================================
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "DENY"
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
# ============================================
# SITEMAP
# ============================================
RewriteRule ^sitemap\.xml$ /sitemap.xml [L]
# ============================================
# ROBOTS.TXT
# ============================================
RewriteRule ^robots\.txt$ /robots.txt [L]
# ============================================
# HTTPS & FORCE SSL (optional)
# ============================================
# Uncomment the next 3 lines to force HTTPS redirect
# RewriteCond %{HTTPS} off
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ============================================
# PHP & SERVER-SIDE PROCESSING (optional)
# ============================================
# If your site needs PHP, uncomment:
# AddType application/x-httpd-php .php
# DirectoryIndex index.php index.html
# ============================================
# CLIENT SIDE ROUTING (SPA support - optional)
# ============================================
# For single-page applications, route all non-file/non-api requests to index.html
# Uncomment if you implement client-side routing
#
# RewriteCond %{REQUEST_FILENAME} !-f
# RewriteCond %{REQUEST_FILENAME} !-d
# RewriteRule ^ index.html [L]
# ============================================
# NGINX COMPATIBILITY NOTES
# ============================================
# This .htaccess is for Apache. If running with Nginx:
# - Nginx does not support .htaccess; rules must be in server config
# - ErrorDocument directives need server-level config in Nginx
# - Header directives need 'add_header' in Nginx context
# - Rewrite rules need 'rewrite' directive in Nginx
#
# Example Nginx config for static assets:
# location ~* \.(ico|pdf|flv|jpg|jpeg|png|gif|webp|svg|eot|otf|woff|woff2|ttf|css|js)$ {
# expires 1y;
# add_header Cache-Control "public";
# try_files $uri =404;
# }
#
# Example Nginx config for sitemap:
# rewrite ^/sitemap.xml$ /sitemap.xml break;