RewriteEngine On
RewriteBase /e-visa/

# 1. Block direct access to /e-visa and /e-visa/ FIRST (before other rules)
RewriteCond %{REQUEST_URI} ^/e-visa/?$ [NC]
RewriteRule ^ - [F,L]

# 2. Allow real files and directories (CSS, JS, images, uploads)
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# 3. Allow index.php with admin path
RewriteRule ^index\.php/admin - [L]

# 4. Route ADMIN requests through index.php (framework routing)
RewriteRule ^(admin|perform)(/.*)?$ index.php/$1$2 [L,QSA]

# 5. Allow VERIFY token URLs ONLY (100+ character tokens)
RewriteCond %{REQUEST_URI} ^/e-visa/verify[a-zA-Z0-9]{100,}$ [NC]
RewriteRule ^(verify.+)$ index.php?token=$1 [L,QSA]

# 6. Block EVERYTHING else that doesn't match above rules
RewriteRule ^ - [F,L]