diff --git a/.htaccess b/.htaccess
index da6358e..36f6ac1 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,10 +1,10 @@
-# KI-Fit Check - AI Readiness Assessment Tool
-# .htaccess Configuration
+# KI-Fit Check Questionnaire - Server Configuration
+# For Appwizzy platform compatibility
-# Set default index files (your HTML file doesn't have PHP, so removed index.php)
-DirectoryIndex index.html
+# Set default index files
+DirectoryIndex index.php index.html
-# Security & Performance Settings
+# Security & Performance
Options -Indexes
Options -MultiViews
ServerSignature Off
@@ -12,8 +12,7 @@ ServerSignature Off
# Enable Rewrite Engine
RewriteEngine On
-# Force HTTPS (if you have SSL certificate)
-# Uncomment when you have SSL installed
+# Force HTTPS (uncomment when SSL is installed)
# RewriteCond %{HTTPS} off
# RewriteCond %{HTTP_HOST} !^localhost [NC]
# RewriteCond %{HTTP_HOST} !^127\.0\.0\.1 [NC]
@@ -32,11 +31,45 @@ RewriteEngine On
# Referrer Policy
Header set Referrer-Policy "strict-origin-when-cross-origin"
-
- # Content Security Policy (adjust based on your needs)
- # Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self';"
+# ===== URL REWRITING =====
+
+# 1) Serve existing files/directories as-is
+RewriteCond %{REQUEST_FILENAME} -f [OR]
+RewriteCond %{REQUEST_FILENAME} -d
+RewriteRule ^ - [L]
+
+# 2) Handle clean URLs for questionnaire
+# Rewrite /ki-fit-check to index.php (main questionnaire)
+RewriteRule ^ki-fit-check/?$ index.php [L]
+
+# 3) Handle other pages
+RewriteRule ^kontakt/?$ ki-check.php [L]
+RewriteRule ^ergebnisse/?$ results.php [L]
+RewriteRule ^erfolg/?$ success.php [L]
+
+# 4) Handle API endpoints
+RewriteRule ^api/submit/?$ api/submit.php [L]
+RewriteRule ^api/analyze/?$ api/analyze.php [L]
+RewriteRule ^api/generate-pdf/?$ api/generate-pdf.php [L]
+RewriteRule ^api/send-email/?$ api/send-email.php [L]
+
+# 5) Remove trailing slashes for non-directories
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_URI} (.+)/$
+RewriteRule ^ %1 [R=301,L]
+
+# 6) Custom error pages
+ErrorDocument 404 /404.html
+ErrorDocument 500 /500.html
+
+# ===== REDIRECTIONS =====
+
+# Redirect old .php URLs to clean URLs
+RewriteRule ^index\.php$ / [R=301,L]
+RewriteRule ^ki-check\.php$ /ki-fit-check [R=301,L]
+
# ===== PERFORMANCE OPTIMIZATION =====
ExpiresActive On
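Review bot: The two redirects under "REDIRECTIONS" (`^index\.php$` and `^ki-check\.php$`) sit after rule 1, which ends processing with `RewriteRule ^ - [L]` for any path that exists as a file. If `index.php` and `ki-check.php` exist on disk, these redirects never fire and the `.php` URLs stay directly reachable. Moving them above rule 1 would then need a guard so that the internal rewrites to `index.php` are not redirected again, for example `RewriteCond %{ENV:REDIRECT_STATUS} ^$` in front of each redirect. The targets also look inconsistent: `/kontakt` serves `ki-check.php`, while a request for `ki-check.php` is redirected to `/ki-fit-check`, which serves `index.php`.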
@@ -83,68 +116,19 @@ RewriteEngine On
AddOutputFilterByType DEFLATE font/woff2
-# ===== URL REWRITING =====
-
-# 0) Serve existing files/directories as-is
-RewriteCond %{REQUEST_FILENAME} -f [OR]
-RewriteCond %{REQUEST_FILENAME} -d
-RewriteRule ^ - [L]
-
-# 1) Handle clean URLs for questionnaire
-# Rewrite /ki-fit-check to /index.html (your main page)
-RewriteRule ^ki-fit-check/?$ /index.html [L]
-
-# 2) Handle other pages if they exist
-# Example: Rewrite /kontakt to /contact.html
-# RewriteRule ^kontakt/?$ /contact.html [L]
-# RewriteRule ^agb/?$ /terms.html [L]
-# RewriteRule ^datenschutz/?$ /privacy.html [L]
-
-# 3) Remove trailing slashes for non-directories
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteCond %{REQUEST_URI} (.+)/$
-RewriteRule ^ %1 [R=301,L]
-
-# 4) Custom error pages (if you create them)
-# ErrorDocument 404 /404.html
-# ErrorDocument 500 /500.html
-
-# ===== REDIRECTIONS (OPTIONAL) =====
-
-# Redirect old .php URLs to clean URLs (if migrating)
-# RewriteRule ^index\.php$ / [R=301,L]
-# RewriteRule ^ki-fit-check\.php$ /ki-fit-check [R=301,L]
-
-# Redirect www to non-www (or vice versa)
-# Uncomment and choose one:
-# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
-# RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
-
-# OR non-www to www:
-# RewriteCond %{HTTP_HOST} !^www\. [NC]
-# RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
-
-# ===== BLOCK ACCESS TO SENSITIVE FILES =====
-
- Order allow,deny
- Deny from all
-
-
-
- Order allow,deny
- Deny from all
-
-
-# ===== CORS SETTINGS (if needed for API calls) =====
+# ===== CORS SETTINGS =====
- # Allow requests from your domain only
- Header set Access-Control-Allow-Origin "https://yourdomain.com"
+ # Allow requests from any origin (adjust for production)
+ Header set Access-Control-Allow-Origin "*"
# Allow specific methods
Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
# Allow specific headers
- Header set Access-Control-Allow-Headers "Content-Type, Authorization"
+ Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
+
+ # Allow credentials
+ Header set Access-Control-Allow-Credentials "true"
# ===== CACHE CONTROL =====
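Review bot: The new CORS block pairs `Access-Control-Allow-Origin "*"` with `Access-Control-Allow-Credentials "true"`, a combination browsers reject for credentialed requests. It will fail as written, and the usual workaround of echoing the request's Origin would let any site read authenticated responses. Keep a fixed origin as the previous version did, `Header set Access-Control-Allow-Origin "https://yourdomain.com"`, and drop the credentials header unless the API really relies on cookies or HTTP auth. If several origins are needed, match them against an explicit list and add `Header append Vary Origin`. The container around these Header lines is not visible on this page, so the scope they apply to should be checked as well.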
@@ -155,7 +139,44 @@ RewriteRule ^ %1 [R=301,L]
# Don't cache HTML files (except static pages)
-
+
Header set Cache-Control "public, max-age=3600, must-revalidate"
-
\ No newline at end of file
+
+
+# ===== BLOCK ACCESS TO SENSITIVE FILES =====
+
+ Order allow,deny
+ Deny from all
+
+
+
+ Order allow,deny
+ Deny from all
+
+
+# Block access to config directories
+RedirectMatch 403 ^/ai/.*$
+RedirectMatch 403 ^/db/.*$
+RedirectMatch 403 ^/mail/.*$
+RedirectMatch 403 ^/api/.*$
+
+# ===== PHP SETTINGS =====
+
+ php_value upload_max_filesize 10M
+ php_value post_max_size 10M
+ php_value max_execution_time 300
+ php_value max_input_time 300
+ php_value memory_limit 256M
+
+
+# ===== FOR APPWIZZY COMPATIBILITY =====
+# Ensure PHP files are processed correctly
+AddType application/x-httpd-php .php
+AddHandler application/x-httpd-php .php
+
+# Set default charset
+AddDefaultCharset UTF-8
+
+# Disable directory listing
+IndexIgnore *
\ No newline at end of file
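Review bot: `RedirectMatch 403 ^/api/.*$` appears to block the endpoints this same commit exposes in the rewrite section (`api/submit`, `api/analyze`, `api/generate-pdf`, `api/send-email`), since those URLs and their `api/*.php` targets both match the pattern. If the API is meant to be public, remove that line and deny only the non-public files inside `api/`. If it is meant to be private, remove the rewrite rules so the intended boundary is clear. Separately, `Order allow,deny` / `Deny from all` is Apache 2.2 syntax that needs mod_access_compat on 2.4, where the equivalent is `Require all denied`. `IndexIgnore *` only hides entries from a generated listing; the existing `Options -Indexes` is what actually disables it.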