<IfModule mod_rewrite.c>
    RewriteEngine On
    # Forcer HTTPS
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
    
    # Protection des fichiers sensibles
    <FilesMatch "\.(sql|log|ini|sh|bak|json|env)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
    
    # Désactiver l'indexation des répertoires
    Options -Indexes
</IfModule>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
</IfModule>

# Sécuriser les dossiers clés
RedirectMatch 403 ^/(includes|config|scripts)/.*$