RewriteEngine On 

RewriteCond %{HTTPS} off 
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{DOCUMENT_ROOT}/static%{REQUEST_URI}/index.html -f
RewriteRule ^$ /static/index.html [L]
RewriteRule ^([a-zA-Z0-9_\-]+)$ /static/$1.html [L]

RewriteRule ^variable/([a-zA-Z0-9_\-]+)$ /static/index.html#/variable/$1 [L]
RewriteRule ^enumeration/([a-zA-Z0-9_\-]+)$ /static/index.html#/enumeration/$1 [L]
RewriteRule ^metaFolder/([a-zA-Z0-9_\-]+)$ /static/index.html#/metaFolder/$1 [L]
RewriteRule ^metaDataset/([a-zA-Z0-9_\-]+)$ /static/index.html#/metaDataset/$1 [L]
RewriteRule ^metaVariable/([a-zA-Z0-9_\-]+)$ /static/index.html#/metaVariable/$1 [L]

RewriteRule ^([a-zA-Z0-9_\-]+)/([a-zA-Z0-9_\-]+)$ /static/$1/$2.html [L]

ErrorDocument 404 /static/_error.html

# Block access to sensitive config files
<FilesMatch "(llm-web\.config\.json|deploy\.config\.json)$">
  Require all denied
</FilesMatch>

# CORS and Security Headers for API
AddType application/json .json

<FilesMatch "\.json$">
  Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
  Header set Access-Control-Allow-Headers "Content-Type"
  Header set Cache-Control "public, max-age=31536000, immutable"
  Header set Content-Type "application/json; charset=utf-8"
  Header set X-Content-Type-Options "nosniff"
</FilesMatch>

<IfModule mod_deflate.c>
  <FilesMatch "\.json$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>

<IfModule mod_headers.c>
  Header merge Vary Accept-Encoding
</IfModule>

# Cache Control
ExpiresActive On
ExpiresByType text/javascript         "access plus 1 year"
ExpiresByType application/javascript 	"access plus 1 year"
ExpiresByType text/css                "access plus 1 year"
ExpiresByType image/png 			        "access plus 1 year"
ExpiresByType font/woff2              "access plus 1 year"
ExpiresByType application/font-woff2  "access plus 1 year"
ExpiresByType application/json        "access plus 1 year"
