# Prevent accessing subdirectories not managed by SCM
RewriteRule ^(.git|doxygen|vendor) - [F]
+RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
+RewriteRule ^(.*) - [E=BASE:%1]
+
+RewriteCond %{ENV:REDIRECT_BASE} (.+)
+RewriteRule .* - [E=BASE:%1]
+
# Forward the "Authorization" HTTP header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^((?!api/)[^/]*)/?(.*)$ $2?%{QUERY_STRING} [E=USERSPACE:$1]
+
+RewriteCond %{ENV:REDIRECT_USERSPACE} (.+)
+RewriteRule .* - [E=USERSPACE:%1]
+
# REST API
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]
+
+<Limit GET POST PUT DELETE OPTIONS>
+ <IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from all
+ Deny from none
+ </IfVersion>
+ </IfModule>
+
+ <IfModule !version_module>
+ Require all granted
+ </IfModule>
+</Limit>
+
+<LimitExcept GET POST PUT DELETE OPTIONS>
+ <IfModule version_module>
+ <IfVersion >= 2.4>
+ Require all denied
+ </IfVersion>
+ <IfVersion < 2.4>
+ Allow from none
+ Deny from all
+ </IfVersion>
+ </IfModule>
+
+ <IfModule !version_module>
+ Require all denied
+ </IfModule>
+</LimitExcept>