# check if RewriteModule is availbale RewriteEngine on # prevent httpd from serving dotfiles (.htaccess, .svn, .git, etc.) - except let's encrypt challenge RedirectMatch 403 ^/?\.(?!/well-known/acme-challenge/[\w-]{43}$) RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ RewriteRule ^(.*) - [E=BASE:%1] # Sets the HTTP_AUTHORIZATION header removed by apache RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteCond %{REQUEST_FILENAME} -f RewriteRule .? - [L] RewriteRule .? %{ENV:BASE}/index.php [L] # Config files from vendor should not be readable via browser Order Allow,Deny Deny from All Order Allow,Deny Deny from All