.htaccess

# php_flag display_startup_errors off
# php_flag display_errors off
# php_flag html_errors off
# php_value docref_root 0
# php_value docref_ext 0

<IfModule mod_rewrite.c>
  Options -MultiViews
  Options All -Indexes
  Options +FollowSymLinks

  RewriteEngine On
  RewriteBase /

  RewriteRule ^index\.php$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-l
  RewriteRule . /index.php [L]

  RewriteRule ^node_modules/$ - [R=403,L]
  RewriteRule ^src/$ - [R=403,L]
  RewriteRule ^assets/$ - [R=403,L]
  RewriteRule ^vendor/$ - [R=403,L]
</IfModule>

<FilesMatch "^(.json|.yml|.env|.env.sample|.gitignore|.htaccess|composer.json|composer.lock|package-lock.json|package.json|.config.js|.md)$">
  Require all denied
</FilesMatch>


## SECURITY START
  ServerSignature Off
  <IfModule mod_expires.c>
    Header add Access-Control-Allow-Origin "*"
    Header unset ETag
    FileETag None
  </IfModule>

  <IfModule mod_deflate.c>
      SetOutputFilter DEFLATE
      # Don't compress images
      SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
      AddOutputFilterByType DEFLATE text/plain
      AddOutputFilterByType DEFLATE text/html
      AddOutputFilterByType DEFLATE text/xml
      AddOutputFilterByType DEFLATE text/css
      AddOutputFilterByType DEFLATE application/xml
      AddOutputFilterByType DEFLATE application/xhtml+xml
      AddOutputFilterByType DEFLATE application/rss+xml
      AddOutputFilterByType DEFLATE application/javascript
      AddOutputFilterByType DEFLATE application/x-javascript
  </IfModule>

  <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresDefault "access plus 1 month"
  </IfModule>

  <IfModule mod_headers.c>
  	Header set X-XSS-Protection "1; mode=block"
  	Header always append X-Frame-Options SAMEORIGIN
  	Header set X-Content-Type-Options nosniff
  </IfModule>

  <Files .htaccess>
    Order Allow,Deny
    Deny from all
  </Files>
## SECURITY END