<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php [L] </IfModule> # Prevent access to sensitive files <FilesMatch "\.(env|json|log|txt|ini|sh|config|bak|old|swp|sql|dist)$"> Order Allow,Deny Deny from all </FilesMatch> # Disable directory listing Options -Indexes # Protect sensitive directories <DirectoryMatch "/(storage|bootstrap|config|database|resources)/"> Order Deny,Allow Deny from all </DirectoryMatch> # Prevent access to Git and version control files <FilesMatch "(\.git|\.svn|\.hg|\.bzr|_darcs|CVS|\.DS_Store|Thumbs\.db|node_modules)"> Order Deny,Allow Deny from all </FilesMatch> # Security Headers <IfModule mod_headers.c> Header set X-Frame-Options "DENY" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header always set Referrer-Policy "no-referrer-when-downgrade" Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self';" </IfModule> # Prevent PHP execution in specific directories <Directory "storage"> <FilesMatch "\.php$"> Deny from all </FilesMatch> </Directory> <Directory "bootstrap/cache"> <FilesMatch "\.php$"> Deny from all </FilesMatch> </Directory>