# URL Rewriting for Protected Page with Hash
# Allows access via: domain.com/hash512/

<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Check if file exists, if yes, don't rewrite
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    
    # Match 512-character hex hash in URL path
    RewriteCond %{REQUEST_URI} ^/([a-f0-9]{512})/?$
    
    # Rewrite to protected-page.php with hash parameter
    RewriteRule ^([a-f0-9]{512})/?$ protected-page.php?hash=$1 [L,QSA]
</IfModule>

# Security Headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>
