# ============================================================
# 🌐 Basis-Zugriffskontrolle
# ============================================================
<IfModule mod_authz_core.c>
    Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
    Allow from all
    Satisfy any
</IfModule>

# ============================================================
# 🧭 CACHING & BROWSER PERFORMANCE
# ============================================================
<IfModule mod_expires.c>
    ExpiresActive On

    # 📄 Standard-Gültigkeit: 1 Monat
    ExpiresDefault "access plus 1 month"

    # 🖼️ Bilder, Fonts, Medien (selten geändert)
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"

    # 🧩 CSS, JS – wird bei Änderungen automatisch neu geladen
    ExpiresByType text/css "access plus 0 days"
    ExpiresByType application/javascript "access plus 0 days"

    # 📝 HTML – nie cachen, damit aktuelle Inhalte sofort sichtbar sind
    ExpiresByType text/html "access plus 0 seconds"

    # 🪄 JSON, API, dynamische Daten – kurz halten
    ExpiresByType application/json "access plus 0 minutes"
</IfModule>

# ============================================================
# ⚡ KOMPRIMIERUNG (Bandbreite sparen)
# ============================================================
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/woff2
</IfModule>

# ============================================================
# 🔒 SICHERHEIT (grundlegende Header)
# ============================================================
<IfModule mod_headers.c>
    # Verhindert MIME-Type-Sniffing
    Header set X-Content-Type-Options "nosniff"
    # Klickschutz
    Header set X-Frame-Options "SAMEORIGIN"
    # Cross-Site-Scripting-Schutz
    Header set X-XSS-Protection "1; mode=block"
    # Cache-Kontrolle für HTML (keine veralteten Seiten)
    <FilesMatch "\.(html|php)$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
    </FilesMatch>
</IfModule>

# ============================================================
# 🧮 PHP-EINSTELLUNGEN
# ============================================================
php_value upload_max_filesize 100M
php_value post_max_size 100M
php_value memory_limit 256M
php_value max_execution_time 120