<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript
</IfModule>

<IfModule mod_security.c>
  SecRuleEngine Off
  SecFilterInheritance Off
  SecFilterEngine Off
  SecFilterScanPOST Off
  SecFilterCheckURLEncoding Off
</IfModule>

<IfModule mod_expires.c>
  ExpiresActive On

  # Images
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"

  # Video
  ExpiresByType video/mp4 "access plus 1 year"
  ExpiresByType video/mpeg "access plus 1 year"

  # CSS, JavaScript
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType text/javascript "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"

  # Others
  ExpiresByType application/pdf "access plus 1 month"
  ExpiresByType application/x-shockwave-flash "access plus 1 month"

    # fonts
  ExpiresByType font/woff "access plus 1 month"
  ExpiresByType font/woff2 "access plus 1 month"
  ExpiresByType application/x-font-woff "access plus 1 month"
  ExpiresByType font/ttf "access plus 1 month"
  ExpiresByType font/eot "access plus 1 month"
  ExpiresByType font/otf "access plus 1 month"

</IfModule>

<Files ~ "\.(scss|sass|less|postcss)$">
ForceType 'text/css; charset=UTF-8'
</Files>



<IfModule mod_rewrite.c>

    <IfModule mod_negotiation.c>
    Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On


    RewriteCond %{REQUEST_URI} ^/public/.*\.php$ [NC]
    RewriteRule ^ - [F]

    RewriteCond %{REQUEST_URI} ^/userfiles/standalone-update/.*\.php$ [NC]
    RewriteRule ^ - [L]

    RewriteCond %{REQUEST_URI} !^/\.well-known
    RewriteRule "(^|/)\." - [F]

    RewriteRule ^app/(.*)?$ / [F,L]
    RewriteRule ^vendor/(.*)?$ / [F,L]
    RewriteRule ^src/(.*)?$ / [F,L]
    RewriteRule ^storage/(.*)?$ / [F,L]
    RewriteRule ^database/(.*)?$ / [F,L]
    RewriteRule ^config/(.*)?$ / [F,L]
    RewriteRule ^bootstrap/(.*)?$ / [F,L]
    RewriteRule ^tests/(.*)?$ / [F,L]
    RewriteRule ^composer\.(lock|json)$ / [F,L]




    RewriteRule ^userfiles/modules/.*\.php$ - [F,L]
    RewriteRule ^userfiles/templates/.*\.php$ - [F,L]




    RewriteCond %{REQUEST_URI} ^/userfiles/.*$ [NC,OR]
    RewriteCond %{REQUEST_URI} ^/userfiles/media/.*$ [NC]
    RewriteRule . - [PT,L]

    ErrorDocument 404 /404.html


    RewriteCond %{HTTP:Authorization} ^(.+)$
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]



    RewriteCond %{REQUEST_URI} !=/favicon.ico
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
   # RewriteRule ^(.*)$ index.php [NC,L]
    RewriteRule ^(.*)$ index.php [QSA,L]
    RedirectMatch 404 /\\.git(/|$)
    RedirectMatch 404 /\\.env(/|$)

</IfModule>

<FilesMatch "phpunit.xml|composer.lock|\.(dist|db|markdown|md|twig|yaml|yml)|(bower|composer|jsdoc|package|auth)\.json$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
  </IfModule>
</FilesMatch>

#RedirectMatch 404 /(vendor|gulp|src|storage|database|config|bootstrap|tests)(/|$)
