# Disable directory browsing
Options -Indexes
# Block TRACE method
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
# Deny access to hidden files
RedirectMatch 403 /\..*$
# Protect .git
RedirectMatch 404 /\.git
# Block common sensitive file types
Order allow,deny
Deny from all
# Security Headers
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=()"
Header always set Content-Security-Policy "default-src 'self';"
# Disable Apache signature
ServerSignature Off
# Clean URLs
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
ErrorDocument 404 index.php