RewriteEngine On

# Pass all headers through (fixes custom header stripping)
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

# Never rewrite actual files or directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# Biblion doc clean URLs
RewriteRule ^doc/([^/]+)$ /biblion-view.html?doc=$1 [L,QSA]

# Clean URLs — serve .html files without the extension
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI}.html -f
RewriteRule ^([^.]+)$ /$1.html [L]

# Security — block direct access to PHP config
<Files "config.php">
    Order allow,deny
    Deny from all
</Files>

<Files "setup.php">
    Order allow,deny
    Deny from all
</Files>