
# Enable URL rewriting
RewriteEngine On

# Force HTTPS (optional, remove if not using SSL)
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Remove .php extension from URLs
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([a-zA-Z0-9_-]+)/?$ $1.php [L]

# Prevent direct access to PHP files if clean URL is used
RewriteRule ^([a-zA-Z0-9_-]+)\.php$ - [L]

# Set default page
DirectoryIndex POS.php

# Deny access to sensitive files
<FilesMatch "(\.json|\.zip|\.txt|\.log)$">
  Order allow,deny
  Deny from all
</FilesMatch>
