.htaccess

   1 # Disable directory listing
   2 Options -Indexes
   3
   4 RewriteEngine On
   5
   6 # Prevent accessing subdirectories not managed by SCM
   7 RewriteRule ^(.git|doxygen|vendor) - [F]
   8
   9 # Forward the "Authorization" HTTP header
  10 # fixes JWT token not correctly forwarded on some Apache/FastCGI setups
  11 RewriteCond %{HTTP:Authorization} ^(.*)
  12 RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
  13
  14 # REST API
  15 RewriteCond %{REQUEST_FILENAME} !-f
  16 RewriteCond %{REQUEST_FILENAME} !-d
  17 RewriteRule ^ index.php [QSA,L]
  18
  19 <LimitExcept GET POST PUT DELETE PATCH OPTIONS>
  20   <IfModule version_module>
  21     <IfVersion >= 2.4>
  22        Require all denied
  23     </IfVersion>
  24     <IfVersion < 2.4>
  25        Allow from none
  26        Deny from all
  27     </IfVersion>
  28   </IfModule>
  29
  30   <IfModule !version_module>
  31     Require all denied
  32   </IfModule>
  33 </LimitExcept>