# Disable directory listing Options -Indexes RewriteEngine On # Prevent accessing subdirectories not managed by SCM RewriteRule ^(.git|doxygen|vendor) - [F] # Forward the "Authorization" HTTP header RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] # REST API RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^ index.php [QSA,L] <Limit GET POST PUT DELETE OPTIONS> <IfModule version_module> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Allow from all Deny from none </IfVersion> </IfModule> <IfModule !version_module> Require all granted </IfModule> </Limit> <LimitExcept GET POST PUT DELETE OPTIONS> <IfModule version_module> <IfVersion >= 2.4> Require all denied </IfVersion> <IfVersion < 2.4> Allow from none Deny from all </IfVersion> </IfModule> <IfModule !version_module> Require all denied </IfModule> </LimitExcept>