# 404 Error Page Configuration
ErrorDocument 404 /404.php

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
 
#utr for bharatpe and google pay

RewriteRule ^instantpay/bharatpe/payment-verify payment4/verify.php [NC,L]
RewriteRule ^instantpay/googlepay/payment-verify payment5/verify.php [NC,L]

#this is for utl for payment and status
RewriteRule ^order/payment-status  payment/payment_status.php [NC,L]
RewriteRule ^order/payment_status_utr  payment/payment_status_utr.php [NC,L]
RewriteRule ^order1/payment-status  payment/pstatus.php [NC,L]
RewriteRule ^order2/payment-status payment2/payment_status.php [NC,L]
RewriteRule ^order3/payment-status payment3/payment_status.php [NC,L]
RewriteRule ^order4/payment-statusAuto payment4/payment_statusAuto.php [NC,L]
RewriteRule ^order4/payment-status payment4/payment_status.php [NC,L]
RewriteRule ^order5/payment-status payment5/payment_status.php [NC,L]
RewriteRule ^order6/payment-status payment6/payment_status.php [NC,L]
RewriteRule ^order7/payment-status payment7/payment_status.php [NC,L]
RewriteRule ^order8/payment-statusAuto payment8/statusAuto.php [NC,L]
RewriteRule ^order8/payment-status payment8/status.php [NC,L]
RewriteRule ^order92/payment-status payment92/payment_status.php [NC,L]
RewriteRule ^order93/payment-statusAuto payment93/payment_statusAuto.php [NC,L]
RewriteRule ^order93/payment-status payment93/payment_status.php [NC,L]
RewriteRule ^order94/payment-status payment94/payment_status.php [NC,L]
RewriteRule ^order95/payment-status payment95/payment_status.php [NC,L]

RewriteRule ^api/create-order payment/create_order.php [NC,L]
RewriteRule ^api/check-order-status payment/check_order.php [NC,L]



#instance url and google pay core files


RewriteRule ^api/instance/events/google-pay corefilesinstance/googlepay/googlepay.php [NC,L]
RewriteRule ^api/instance/verify/google-pay corefilesinstance/googlepay/googlepayverify.php [NC,L]

# === Security Rules Start ===

# Disable directory browsing
Options -Indexes

# Deny access to .htaccess itself
<Files .htaccess>
  Require all denied
</Files>

# Block access to sensitive files
<FilesMatch "\.(env|ini|log|conf|sql|bak|sh)$">
  Require all denied
</FilesMatch>

# Block suspicious filenames (e.g., "..php")
<FilesMatch "\.\.php$">
  Require all denied
</FilesMatch>

# Prevent access to hidden files and folders
RedirectMatch 404 /\..+

# Restrict PHP execution in uploads or media folders (update if needed)
# <Directory "uploads">
#   <FilesMatch "\.php$">
#     Require all denied
#   </FilesMatch>
# </Directory>

# Limit HTTP methods to only safe ones
<LimitExcept GET POST HEAD>
  Require all denied
</LimitExcept>

# Block common malicious query strings
<IfModule mod_rewrite.c>
  RewriteCond %{QUERY_STRING} (\.\./|\.\.\\|base64_|eval\() [NC]
  RewriteRule .* - [F]
</IfModule>

# === Security Rules End ===




# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
