Options -Indexes -MultiViews
DirectoryIndex index.php index.html

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule "(^|/)\.(?!well-known/)" - [F,L,NC]
RewriteRule ^(?:config|vendor|storage|logs|cache|backup|backups)(?:/|$) - [F,L,NC]
RewriteRule \.(?:env|ini|log|sh|bak|sql|swp|yml|yaml|git|htaccess|htpasswd)$ - [F,L,NC]
RewriteRule ^(?:uploads|images|files)/.*\.(?:php|php\d*|phtml|phar)$ - [F,L,NC]

RewriteCond %{QUERY_STRING} (?:<|%3C).*script.*(?:>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (?:GLOBALS|_REQUEST)(?:=|\[|%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} (?:base64_encode|base64_decode|eval\(|union.+select|concat\(|sleep\(|benchmark\() [NC]
RewriteRule .* - [F,L]

RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) [NC]
RewriteRule .* - [F,L]
</IfModule>

<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
AddOutputFilterByType DEFLATE application/json application/xml application/xhtml+xml application/rss+xml
AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
</IfModule>

<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
Header always set X-XSS-Protection "1; mode=block"
</IfModule>

<FilesMatch "\.(env|ini|log|sh|bak|sql|swp|yml|yaml|md|txt)$">
Require all denied
</FilesMatch>
