# Set default index file
    DirectoryIndex udyam-online.php

    # Redirect udyam-online.php or .html to clean URL
    RewriteEngine On
    RewriteRule ^(.*)udyam-online\.(php|html?)$ /$1 [R=301,NC,L]

    # Force non-www
    RewriteCond %{HTTP_HOST} ^www.aadharudyog.org [NC]
    RewriteRule ^(.*)$ https://aadharudyog.org/$1 [L,R=301]

    # Force HTTPS
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # remove trailing slashes
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # isable caching (no-store)
    <IfModule mod_headers.c>
        Header set Cache-Control "no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires 0
    </IfModule>

    # SECURITY SECTION BELOW ----------------------------

    # lock dangerous file types
    <FilesMatch "\.(bak|inc|old|sql|tar|zip|sh|env|ini|log|swp)$">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Prevent PHP execution in upload folders (optional — use only in upload dirs)
    # Create a separate .htaccess inside uploads/ or similar and add:
    # <Files *.php>
    #   deny from all
    # </Files>

    # Disable directory browsing
    Options -Indexes

    # Block suspicious IP (attacker)
    <RequireAll>
        Require all granted
        Require not ip 173.208.155.83
    </RequireAll>

    # Protect sensitive Apache config files
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>