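<IfModule mod_rewrite.c>
    # Turn off content negotiation (MultiViews) and directory listings.
    # NOTE(review): mod_alias has nothing to do with either option; the guard
    # is kept so behaviour is unchanged, but the mod_negotiation block alone
    # expresses the intent.
    <IfModule mod_alias.c>
        Options -MultiViews -Indexes
    </IfModule>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Block access to sensitive files. In per-directory context the pattern is
    # matched against the path relative to this directory, and these patterns
    # are anchored at both ends, so they only cover files sitting directly here.
    # NOTE(review): needing these rules suggests the whole project tree, not
    # only a public/ subdirectory, is under the document root -- confirm. A
    # deny-list cannot enumerate every sensitive path (dependency and config
    # directories are not listed here); pointing the document root at the
    # public directory is the stronger control.
    RewriteRule ^\.env$ - [F,L]
    RewriteRule ^composer\.json$ - [F,L]
    RewriteRule ^composer\.lock$ - [F,L]
    RewriteRule ^package\.json$ - [F,L]
    RewriteRule ^package-lock\.json$ - [F,L]

    # Block storage except public photos, uploads, and bots.
    # The lookahead ends in (?:/|$) so only those exact directories are
    # exempt; without the boundary a sibling whose name merely starts with
    # "photos", "uploads" or "bots" would also have been served.
    # NOTE(review): judging by their names the exempt directories hold
    # user-supplied files -- confirm that script handlers are disabled there
    # so an uploaded file is only ever returned as static content.
    RewriteRule ^storage/(?!app/public/(?:photos|uploads|bots)(?:/|$))(.*)$ - [F,L]

    # Block the repository metadata directory. The extension-based FilesMatch
    # rule in this file does not cover extensionless files inside .git/.
    RewriteRule ^\.git/(.*)$ - [F,L]

    # Handle Authorization Header: when the request carries a non-empty
    # Authorization header, copy it into the HTTP_AUTHORIZATION environment
    # variable (presumably because the PHP handler does not expose it otherwise).
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes: a request that is not an existing directory
    # and ends in "/" gets a 301 to the same path without the trailing slash.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller: anything that is neither an existing
    # directory nor an existing file is handed to index.php.
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>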

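# Deny access to .htaccess
<Files .htaccess>
    # Apache 2.4 native access control. Order/Deny only works on 2.4 through
    # mod_access_compat, so it is kept purely as the fallback for servers
    # without mod_authz_core. Require needs AllowOverride AuthConfig.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>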
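# Deny access to files with specific extensions.
# First alternative: any file name that starts with a dot, unless it starts
# with ".well-known". Second alternative: any name ending in one of the listed
# extensions. (?i) makes the match case-insensitive so names such as
# "dump.SQL" or "site.BAK" are refused as well.
# NOTE(review): json, xml and md are refused everywhere under this directory;
# confirm nothing that must be served statically uses those extensions.
<FilesMatch "(?i)^\.(?!well-known)|\.(?:env|log|yml|yaml|xml|md|sql|sh|config|bak|gitignore|gitattributes|lock|json|inc|dist|cache|git|docker|dockerignore)$">
    # Apache 2.4 native syntax first; Order/Deny is the fallback for servers
    # without mod_authz_core. Require needs AllowOverride AuthConfig.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>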
# Disable directory browsing: with Indexes off, a request for a directory that
# has no index file is refused instead of answered with a generated listing.
# Unlike the copies inside the IfModule blocks above, this one is unconditional.
Options -Indexes
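# Prevent viewing of .env files. The regex is anchored only at the start, so it
# covers every name beginning with ".env" (for example ".env.backup"), in this
# directory and below. The FilesMatch rule in this file already refuses
# dot-files; this section is an explicit second layer for the secrets file.
<Files ~ "^\.env">
    # Apache 2.4 native syntax first; Order/Deny is the fallback for servers
    # without mod_authz_core. Require needs AllowOverride AuthConfig.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>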
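# Baseline browser-hardening response headers (applied only when mod_headers
# is loaded).
<IfModule mod_headers.c>
    # "always" also attaches the header to error responses and internal
    # redirects (for example the 403s produced by the deny rules in this
    # file); plain "Header set" only touches successful responses. Each
    # "onsuccess unset" first drops any copy emitted by the application, so
    # the header is never sent twice.

    # Stop browsers from MIME-sniffing a response away from its declared type.
    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    # Legacy XSS-auditor switch; value kept as the author set it.
    # NOTE(review): current browsers no longer implement the auditor, so this
    # header gives little protection -- a Content-Security-Policy is the
    # control to rely on. Consider adding one after testing the application.
    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    # Allow framing only by pages of the same origin (clickjacking defence).
    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    # Send the full URL as referrer to the same origin, only the origin to
    # other origins, and nothing on an HTTPS-to-HTTP downgrade.
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>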
# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php82" package as the default "PHP" programming language.
