Options -MultiViews RewriteEngine On ## ## You may need to uncomment the following line for some hosting environments, ## if you have installed to a subdirectory, enter the name here also. ## # RewriteBase / ## ## Uncomment following lines to force HTTPS. ## # RewriteCond %{HTTPS} off # RewriteRule (.*) https://%{SERVER_NAME}/$1 [L,R=301] ## ## Uncomment to redirect trailing slashes in URLs. ## # RewriteCond %{REQUEST_FILENAME} !-d # RewriteRule ^(.*)/$ /$1 [L,R=301] ## ## Uncomment to redirect /index.php/path to /path ## # RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/index\.php\s # RewriteRule ^index\.php$ / [R=301,L] # RewriteRule ^index\.php/(.*)$ /$1 [L,R=301] ## ## Handle Authorization Header ## RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] ## ## Blocked folders ## RewriteRule ^bootstrap/.* index.php [L,NC] RewriteRule ^config/.* index.php [L,NC] RewriteRule ^vendor/.* index.php [L,NC] RewriteRule ^storage/cms/.* index.php [L,NC] RewriteRule ^storage/logs/.* index.php [L,NC] RewriteRule ^storage/framework/.* index.php [L,NC] RewriteRule ^storage/temp/protected/.* index.php [L,NC] RewriteRule ^storage/app/uploads/protected/.* index.php [L,NC] ## ## Allowed folders ## RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{REQUEST_FILENAME} !/.well-known/* RewriteCond %{REQUEST_FILENAME} !/app/(assets|resources)/.* RewriteCond %{REQUEST_FILENAME} !/storage/app/media/.* RewriteCond %{REQUEST_FILENAME} !/storage/app/resources/.* RewriteCond %{REQUEST_FILENAME} !/storage/app/uploads/public/.* RewriteCond %{REQUEST_FILENAME} !/storage/temp/public/.* RewriteCond %{REQUEST_FILENAME} !/themes/.*/(assets|resources)/.* RewriteCond %{REQUEST_FILENAME} !/plugins/.*/(assets|resources)/.* RewriteCond %{REQUEST_FILENAME} !/modules/.*/(assets|resources)/.* RewriteRule !^index.php index.php [L,NC] ## ## Block all PHP files, except index ## RewriteCond %{REQUEST_FILENAME} -f RewriteCond %{REQUEST_FILENAME} \.php$ RewriteRule !^index.php index.php [L,NC] ## ## Standard routes ## RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L]