<IfModule mod_rewrite.c>
RewriteEngine On

RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule \.(?:well-known) - [L]

RewriteRule ^(vendor|storage|config|app|.env|composer\.json|composer\.lock|schema\.sql|robots\.txt|README\.md) - [L,NC]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ public/index.php [QSA,L]

</IfModule>

<IfModule mod_headers.c>
Header always set X-Robots-Tag "noindex, nofollow, noarchive"
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType image/png "access plus 6 months"
ExpiresByType image/jpeg "access plus 6 months"
ExpiresByType image/gif "access plus 6 months"
ExpiresByType image/svg+xml "access plus 6 months"
</IfModule>

Options -Indexes

<FilesMatch "\.env$|\.gitignore|composer\.json$|composer\.lock$|schema\.sql$">
    Require all denied
</FilesMatch>
