DirectoryIndex index.php

<IfModule mod_php.c>
    php_value max_execution_time 18000
    php_flag session.auto_start off

    # enable resulting html compression
    #php_flag zlib.output_compression on

    # disable user agent verification to not break multiple image upload
    php_flag suhosin.session.cryptua off
</IfModule>

# disable POST processing to not break multiple image upload
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

<IfModule mod_deflate.c>
    # enable apache served files compression
    # http://developer.yahoo.com/performance/rules.html#gzip

    # Insert filter on all content
    ###SetOutputFilter DEFLATE
    # Insert filter on selected content types only
    #AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript

    # Don't compress images
    #SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary

    # Make sure proxies don't deliver the wrong content
    #Header append Vary User-Agent env=!dont-vary
</IfModule>

<IfModule mod_ssl.c>
    # Make HTTPS env vars available for CGI mode
    SSLOptions StdEnvVars
</IfModule>

<IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine on

    # Prevent serving "hidden" files like git repository
    RewriteCond %{REQUEST_URI} /\.
    RewriteRule ^(.*)$ / [R=404,L]

    # Uncomment next line to enable light API calls processing
    #RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
    RewriteRule ^api/rest api.php?type=rest [QSA,L]

    # Workaround for HTTP authorization in CGI environment
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # TRACE and TRACK HTTP methods disabled to prevent XSS attacks
    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]

    <IfModule mod_setenvif.c>
        # Enable Developer Mode based on OS environment variable
        SetEnvIfExpr "osenv('MAGE_IS_DEVELOPER_MODE') == '1'" MAGE_IS_DEVELOPER_MODE=1

        <IfModule mod_headers.c>
            # X-Content-Type-Options: nosniff disable content-type sniffing on some browsers.
            Header set X-Content-Type-Options: nosniff

            # This header forces to enables the Cross-site scripting (XSS) filter in browsers (if disabled)
            Header set X-XSS-Protection: "1; mode=block"
        </IfModule>
    </IfModule>

    # Always send 404 on missing files in these folders
    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

    # Never rewrite for existing files, directories and links
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

    # Rewrite everything else to index.php
    RewriteRule .* index.php [L]
</IfModule>

# Prevent character encoding issues from server overrides
# If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/avif "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresDefault "access plus 2 days"
</IfModule>

# By default allow all access
Order allow,deny
Allow from all

# Deny access to other project files to prevent disclosure of the installed Magento version or other information
# Only robots.txt and manifest.json should be allowed by default
<FilesMatch (?<!robots)\.txt$>
    Order allow,deny
    Deny from all
</FilesMatch>
<FilesMatch (?<!manifest)\.json$>
    Order allow,deny
    Deny from all
</FilesMatch>
<FilesMatch \.(dist|flag|ip|lock|md|neon|sample|sh|yml|yaml)$>
    Order allow,deny
    Deny from all
</FilesMatch>

# If running in cluster environment, uncomment this
# https://developer.yahoo.com/performance/rules.html#etags
#FileETag none