# Remove autoindex
IndexIgnore *
## Options -Indexes
# Try to set PHP settings
php_value upload_max_filesize 20M
php_value post_max_size 20M
# Deny access to files starting with dot
Order allow,deny
Deny from all
# Deny access to log, sql, htaccess ecc..
Order allow,deny
Deny from all
# Deny access to VERSION, REVISION and config file
Order allow,deny
Deny from all
# Disable OSM indexing of php, html, htm, pdf files
Header set X-Robots-Tag: "noindex"
RewriteEngine On
# Tell PHP that the mod_rewrite module is ENABLED.
SetEnv HTTP_MOD_REWRITE On
# Deny access to protected folders
RewriteRule ^backup/?$ - [F,L]
RewriteRule ^docs/?$ - [F,L]
RewriteRule ^include/?$ - [F,L]
RewriteRule ^locale/?$ - [F,L]
RewriteRule ^logs/?$ - [F,L]
RewriteRule ^update/?$ - [F,L]
# Deny access to svn, git, node_modules and vendor folders
RewriteRule ^.git/?$ - [F,L]
RewriteRule ^.svn/?$ - [F,L]
RewriteRule ^node_modules/?$ - [F,L]
RewriteRule ^vendor/?$ - [F,L]
# Prevent hacks
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a