RewriteEngine On
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]


#SITEMA DE LINKS DINAMICOS

RewriteRule  ^login 				login.php		 	     [NC,L]
RewriteRule  ^sair 					sair.php		 		 [NC,L]
RewriteRule  ^caixa-premiacoes		caixa-premiacoes.php	 [NC,L]
RewriteRule  ^usuarios 				usuarios.php		 	 [NC,L]
RewriteRule  ^admin-usuarios 		admin-usuarios.php		 [NC,L]
RewriteRule  ^index 				index.php		 	     [NC,L]
RewriteRule  ^sistema 				sistema.php		 	     [NC,L]
RewriteRule  ^afiliados 			afiliados.php		 	 [NC,L]
RewriteRule  ^listagem-afiliados 	listagem-afiliados.php	 [NC,L]
RewriteRule  ^pagamentos 			pagamentos.php		 	 [NC,L]
RewriteRule  ^conversao 			conversao.php		 	 [NC,L]
RewriteRule  ^imagens 				imagens.php		 	     [NC,L]
RewriteRule  ^valores 				valores.php		 	     [NC,L]
RewriteRule  ^cores 				cores.php		 	     [NC,L]
RewriteRule  ^banners 				banners.php		 	     [NC,L]
RewriteRule  ^usuario-detalhes 		usuario-detalhes.php	 [NC,L]
RewriteRule  ^raspadinhas 			raspadinhas.php		 	 [NC,L]
RewriteRule  ^recompensas 			recompensas.php		 	 [NC,L]
RewriteRule  ^editar-premiacoes 	editar-premiacoes.php	 [NC,L]
RewriteRule  ^historico-raspadinhas 	historico-raspadinhas.php	 [NC,L]
RewriteRule  ^depositos 				depositos.php			 [NC,L]
RewriteRule  ^saques 				saques.php			 [NC,L]
RewriteRule  ^webhooks 				webhooks.php			 [NC,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
<IfModule mod_rewrite.c>
	<IfModule mod_negotiation.c>
		Options -MultiViews
	</IfModule>
</IfModule>
# ----------------------------------------------------------------------
# | Anti- Clickjacking                                                       |
# ----------------------------------------------------------------------
 <IfModule mod_headers.c>
 Header set X-Frame-Options "DENY"
 # `mod_headers` cannot match based on the content-type, however,
 # the `X-Frame-Options` response header should be send only for
 # HTML documents and not for the other resources.
 <FilesMatch "\.(appcache|ttf|ttc|otf|eot|woff|font.css|css|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
    # Header unset X-Frame-Options
 </FilesMatch>
</IfModule>

# ----------------------------------------------------------------------
# | Negando acesso aos diretórios                                                      |
# ---------------------------------------------------------------------
	<IfModule mod_autoindex.c>
		Options -Indexes
	</IfModule>
	
# ----------------------------------------------------------------------
# | Bloqueando arquivos sensiveis                                                  |
# ----------------------------------------------------------------------	
	<FilesMatch "(^#.*#|\.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">

		# Apache < 2.3
		<IfModule !mod_authz_core.c>
			Order allow,deny
			Deny from all
			Satisfy All
		</IfModule>

		# Apache ≥ 2.3
		<IfModule mod_authz_core.c>
			Require all denied
		</IfModule>

	</FilesMatch>
	
	# ----------------------------------------------------------------------
	# | Cross-Site Scripting (XSS) Ataque                                  |
	# ----------------------------------------------------------------------
		<IfModule mod_headers.c>
		 #                           (1)    (2)
		 Header set X-XSS-Protection "1; mode=block"
		 # `mod_headers` cannot match based on the content-type, however,
		 # the `X-XSS-Protection` response header should be send only for
		 # HTML documents and not for the other resources.
		 <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
			 Header unset X-XSS-Protection
		 </FilesMatch>
	 </IfModule>
	 
	 <IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/opentype
# For Older Browsers Which Can't Handle Compression
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>