# INSTALL pinch
#DirectoryIndex index.html

# Redirect www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.feran.gr$ [NC]
RewriteRule ^(.*)$ https://feran.gr/$1 [R=301]

# HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# End slash remove
RewriteBase /
RewriteCond %{HTTP_HOST} (.*)
RewriteCond %{REQUEST_URI} /$ [NC]
RewriteCond %{REQUEST_URI} !^/wp/wp-admin(/(.*)|$)
RewriteRule ^(.*)(/)$ $1 [L,R=301]

# Protect from XSS and SQL injections
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

# BEGIN WordPress
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]
</IfModule>

# Block WordPress xmlrpc.php requests
<Files "xmlrpc.php">
	order deny,allow
	deny from all
</Files>

# Block wp-config.php requests
<files "wp-config.php">
	order allow,deny
	deny from all
</files>

# Block wp-login.php requests
<Files "wp-login.php">
    Order deny,allow
    Deny from All
    Allow from 213.231.5.119 #Veselka_Home1
    Allow from 213.231.1.81 #Veselka_Home2
	Allow from 194.54.163.22 #Office Feran
</Files>

# Block admin-ajax.php requests
<Files "admin-ajax.php">
    Order deny,allow
    Deny from All
    Allow from 213.231.5.119 #Veselka_Home1
    Allow from 213.231.1.81 #Veselka_Home2
	Allow from 194.54.163.22 #Office Feran
</Files>

# Antihotlink - protects mediacontent from direct links
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?feran.gr [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?feran.ge [NC]
RewriteRule \.(jpg|jpeg|png|gif|pdf)$ https://feran.gr/content/plugins/veselka_landing/assets/img/logo_landing.svg [NC,F,L]
#RewriteRule \.(jpg|jpeg|png|gif|pdf)$ - [NC,F,L]

# Protect composer
RewriteEngine on
RewriteRule ^composer\.(lock|json)$ - [F,L]
RewriteRule ^vendor/.*$ - [F,L]

# Browser cache
<ifModule mod_headers.c>
	<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|svg)$">
		Header set Cache-Control "max-age=2592000, public"
	</filesMatch>
		<filesMatch "\.(css|js)$">
	#Header set Cache-Control "max-age=2592000, public"
	</filesMatch>
	<filesMatch "\.(xml|txt)$">
		#Header set Cache-Control "max-age=172800, public, must-revalidate"
	</filesMatch>
	<filesMatch "\.(html|htm|php)$">
		#Header set Cache-Control "max-age=172800, private, must-revalidate"
	</filesMatch>
</ifModule>

<IfModule mod_expires.c>
	ExpiresActive On ExpiresByType image/jpg "access 1 year"
	ExpiresByType image/jpeg "access 1 year"
	ExpiresByType image/gif "access 1 year"
	ExpiresByType image/png "access 1 year"
	ExpiresByType image/svg "access 1 year"
	ExpiresByType text/css "access 1 month"
	ExpiresByType application/pdf "access 1 month"
	ExpiresByType application/javascript "access 1 month"
	ExpiresByType application/x-javascript "access 1 month"
	ExpiresByType application/x-shockwave-flash "access 1 month"
	ExpiresByType image/x-icon "access 1 year"
	ExpiresDefault "access 2 days"
</IfModule>

# GZip
<ifModule mod_gzip.c>
	mod_gzip_on Yes
	mod_gzip_dechunk Yes
	mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
	mod_gzip_item_include handler ^cgi-script$
	mod_gzip_item_include mime ^text/.*
	mod_gzip_item_include mime ^application/x-javascript.*
	mod_gzip_item_exclude mime ^image/.*
	mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>

# Zip
<IfModule mod_deflate.c>
	SetOutputFilter DEFLATE
	Header append Vary User-Agent
</IfModule>