# Disable directory listing
Options -Indexes

RewriteEngine On

# Prevent accessing subdirectories not managed by SCM
RewriteRule ^(.git|doxygen|vendor) - [F]

# Forward the "Authorization" HTTP header
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

# REST API
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

<Limit GET POST PUT DELETE OPTIONS>
  <IfModule version_module>
    <IfVersion >= 2.4>
       Require all granted
    </IfVersion>
    <IfVersion < 2.4>
       Allow from all
       Deny from none
    </IfVersion>
  </IfModule>

  <IfModule !version_module>
    Require all granted
  </IfModule>
</Limit>

<LimitExcept GET POST PUT DELETE OPTIONS>
  <IfModule version_module>
    <IfVersion >= 2.4>
       Require all denied
    </IfVersion>
    <IfVersion < 2.4>
       Allow from none
       Deny from all
    </IfVersion>
  </IfModule>

  <IfModule !version_module>
    Require all denied
  </IfModule>
</LimitExcept>