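# Front-controller rewrite rules. The patterns carry no leading slash, so this
# is presumably a per-directory (.htaccess) file in the application root.
# Rules run top to bottom; [L] ends the current rewrite pass.
RewriteEngine On

# Force HTTPS
# NOTE(review): %{HTTPS} describes the connection Apache itself terminates.
# Behind a TLS-terminating proxy or load balancer it stays "off" and this rule
# would redirect forever -- confirm the deployment topology.
# NOTE(review): %{HTTP_HOST} comes from the request's Host header, so the
# redirect target is client-influenced unless the virtual host limits which
# host names it answers for.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Block access to sensitive files and directories
# Any dot-prefixed path segment is refused, not just the exact name ".env":
# an exact match would leave variants such as ".env.local" or ".env.bak", and
# any other dotfile present in this tree, readable through the "existing file"
# pass-through further down. ".well-known/" stays reachable because ACME and
# similar protocols rely on it.
RewriteRule (^|/)\.(?!well-known(/|$)) - [F,L]
# [NC] keeps the deny list effective on case-insensitive filesystems, where
# "SRC/" or "Composer.JSON" would otherwise resolve to the same file on disk.
RewriteRule ^composer\.(json|lock)$ - [F,L,NC]
RewriteRule ^(src|templates|config|cron|storage|migrations|docs|vendor)/ - [F,L,NC]

# Allow direct access to existing files and directories (assets, etc.)
# Everything that exists on disk and is not refused above is served as-is.
# This is a deny list: each new top-level directory or file holding code,
# secrets or data needs its own rule here, otherwise it is publicly readable.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Route everything else through index.php
# The two conditions above belong to this rule; the comment lines between
# them and the rule do not break that association.
RewriteRule ^(.*)$ index.php [QSA,L]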