# Disable directory listing
Options -Indexes

RewriteEngine On

# Prevent accessing subdirectories not managed by SCM
RewriteRule ^(.git|doxygen|vendor) - [F]

RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]

RewriteCond %{ENV:REDIRECT_BASE} (.+)
RewriteRule .* - [E=BASE:%1]

# Forward the "Authorization" HTTP header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^((?!api/)[^/]*)/?(.*)$ $2?%{QUERY_STRING} [E=USERSPACE:$1]

RewriteCond %{ENV:REDIRECT_USERSPACE} (.+)
RewriteRule .* - [E=USERSPACE:%1]

# REST API
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

<Limit GET POST PUT DELETE OPTIONS>
  <IfModule version_module>
    <IfVersion >= 2.4>
       Require all granted
    </IfVersion>
    <IfVersion < 2.4>
       Allow from all
       Deny from none
    </IfVersion>
  </IfModule>

  <IfModule !version_module>
    Require all granted
  </IfModule>
</Limit>

<LimitExcept GET POST PUT DELETE OPTIONS>
  <IfModule version_module>
    <IfVersion >= 2.4>
       Require all denied
    </IfVersion>
    <IfVersion < 2.4>
       Allow from none
       Deny from all
    </IfVersion>
  </IfModule>

  <IfModule !version_module>
    Require all denied
  </IfModule>
</LimitExcept>