RewriteEngine On 

RewriteCond %{HTTPS} off 
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{DOCUMENT_ROOT}/static%{REQUEST_URI}/index.html -f
RewriteRule ^$ /static/index.html [L]
RewriteRule ^([a-zA-Z0-9_\-]+)$ /static/$1.html [L]

RewriteRule ^variable/([a-zA-Z0-9_\-]+)$ /static/index.html#/variable/$1 [L]
RewriteRule ^modality/([a-zA-Z0-9_\-]+)$ /static/index.html#/modality/$1 [L]
RewriteRule ^metaFolder/([a-zA-Z0-9_\-]+)$ /static/index.html#/metaFolder/$1 [L]
RewriteRule ^metaDataset/([a-zA-Z0-9_\-]+)$ /static/index.html#/metaDataset/$1 [L]
RewriteRule ^metaVariable/([a-zA-Z0-9_\-]+)$ /static/index.html#/metaVariable/$1 [L]

RewriteRule ^([a-zA-Z0-9_\-]+)/([a-zA-Z0-9_\-]+)$ /static/$1/$2.html [L]

ErrorDocument 404 /static/_error.html

# Block access to sensitive config files
<FilesMatch "(llm-web\.config\.json|deploy\.config\.json)$">
  Require all denied
</FilesMatch>

# CORS and Security Headers for API
<FilesMatch "\.json$">
  Header set Access-Control-Allow-Origin "*"
  Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
  Header set Access-Control-Allow-Headers "Content-Type"
  Header set Content-Type "application/json; charset=utf-8"
  Header set X-Content-Type-Options "nosniff"
</FilesMatch>

# Cache Control
ExpiresActive On
ExpiresByType text/javascript         "access plus 1 year"
ExpiresByType application/javascript 	"access plus 1 year"
ExpiresByType text/css                "access plus 1 year"
ExpiresByType image/png 			        "access plus 1 year"
ExpiresByType font/woff2              "access plus 1 year"
ExpiresByType application/font-woff2  "access plus 1 year"
ExpiresByType application/json        "access plus 1 year"
