# File Location: /home/apimedi1/public_html/api/v1/.htaccess
# FINAL VERSION — BROWSER + cURL + POSTMAN ALL WORK

RewriteEngine On

# === 1. ALLOW HEALTH CHECK IN BROWSER (BYPASS MOD_SECURITY) ===
RewriteRule ^health$ index.php [QSA,L,E=NO_MODSEC:1]

# === 2. DISABLE MOD_SECURITY FOR ENTIRE API (SAFE FOR APIs) ===
<IfModule mod_security2.c>
    SecRuleEngine Off
</IfModule>
<IfModule mod_security.c>
    SecRuleEngine Off
</IfModule>

# === 3. ALLOW ALL USER AGENTS (STOP 503 FOR BROWSERS) ===
SetEnvIf User-Agent "Mozilla" allow_browser
SetEnvIf User-Agent "Chrome" allow_browser
SetEnvIf User-Agent "Safari" allow_browser
SetEnvIf User-Agent "Firefox" allow_browser
SetEnvIf User-Agent "Edge" allow_browser
SetEnvIf User-Agent "Postman" allow_postman
SetEnvIf User-Agent "curl" allow_curl

# === 4. MAIN ROUTING (YOUR ORIGINAL — PERFECT) ===
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]