# Disable directory listing
Options -Indexes
# Force utf-8 charset
AddDefaultCharset UTF-8
AddCharset UTF-8 .html .css .js .svg .woff .woff2
# Security
ServerSignature Off
# Protect .htaccess file
Require all denied
# Protect config.php
Require all denied
# Protect fusion_error_log.log
Require all denied
# Protect .cache files
Order allow,deny
deny from all
Header set X-Content-Type-Options "nosniff"
ErrorDocument 401 /error.php?code=401
ErrorDocument 403 /error.php?code=403
ErrorDocument 404 /error.php?code=404
Options +SymLinksIfOwnerMatch
# Let PHP know mod_rewrite is enabled
SetEnv MOD_REWRITE On
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
RewriteBase /
# Fix Apache internal dummy connections from breaking [(site_url)] cache
RewriteCond %{HTTP_USER_AGENT} ^.*internal\ dummy\ connection.*$ [NC]
RewriteRule .* - [F,L]
# Exclude /administration and /themes directories and images from rewrite rules
RewriteRule ^(administration|themes)/*$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_URI} !^/(administration|config|index.php)
RewriteRule ^(.*?)$ index.php [L]