# Disable directory browsing
Options All -Indexes

# ----------------------------------------------------------------------
# Rewrite engine
# ----------------------------------------------------------------------

# Turning on the rewrite engine is necessary for the following rules and features.
# FollowSymLinks must be enabled for this to work.
<IfModule mod_rewrite.c>
    Options +SymLinksIfOwnerMatch
    RewriteEngine On

    # Only use RewriteBase when document root is PROJECT ROOT and app is at /public/
    # If document root points to THIS folder (public/), leave RewriteBase commented:
    # RewriteBase /public/

    # Redirect Trailing Slashes...
    # RewriteCond %{REQUEST_FILENAME} !-d
    # RewriteCond %{REQUEST_URI} (.+)/$
    # RewriteRule ^ %1 [L,R=301]

    # Disabled - can cause redirect loops on cPanel/proxy setups
    # RewriteCond %{HTTPS} !=on
    # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    # RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

    # To redirect a subdomain to a subdir because of https not supporting wildcards
    # replace values between <> with your values
    # RewriteCond %{HTTP_HOST} ^<OSPOS subdomain>\.<my web domain>\.com$ [OR]
    # RewriteCond %{HTTP_HOST} ^www\.<OSPOS subdomain>\.<my web domain>\.com$
    # RewriteRule ^/?$ "https\:\/\/www\.<my web domain>\.com\/<OSPOS path>" [R=301,L]

    # Checks to see if the user is attempting to access a valid file,
    # such as an image or css document, if this isn't true it sends the
    # request to the front controller, index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d

    # If in web root
    RewriteRule ^([\s\S]*)$ index.php/$1 [L,NC,QSA]

    # If in subdir comment above line, uncomment the line below and replace <PATH> with your path
    #RewriteRule ^(.*)$ /<PATH>/public/index.php?/$1 [L]

    # Ensure Authorization header is passed along
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

<IfModule !mod_rewrite.c>
    # If we don't have mod_rewrite installed, all 404's
    # can be sent to index.php, and everything works as normal.
    ErrorDocument 404 index.php
</IfModule>

# Disable server signature start
ServerSignature Off
# Disable server signature end

<IfModule mod_expires.c>
  <FilesMatch "\.(jpe?g|png|gif|js|css)$">
    ExpiresActive On
    ExpiresDefault "access plus 1 week"
  </FilesMatch>
</IfModule>

<IfModule mod_headers.c>
  Header always set X-Frame-Options "SAMEORIGIN"
  Header add Content-Security-Policy "default-src 'self' www.google.com; connect-src 'self' nominatim.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: blob:; object-src 'none'; form-action 'self'"
  Header set X-Content-Type-Options "nosniff"
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Frame-Options "DENY"
</Ifmodule>

# prevent folder listing
IndexIgnore *

<IfModule authz_core_module>
  # secure htaccess file
  <Files .htaccess>
    Require all denied
  </Files>
  # prevent access to PHP error log
  <Files error_log>
    Require all denied
  </Files>
</IfModule>
