DirectorySlash Off

# Block direct access to content source files
<FilesMatch "\.(ini|md|html|php)$">
    # Allow only the entry point
    <If "%{REQUEST_URI} != '/index.php'">
        Require all denied
    </If>
</FilesMatch>

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
    Header set Permissions-Policy "camera=(), microphone=(), geolocation=()"
    Header unset X-Powered-By
    Header always unset X-Powered-By
</IfModule>

# Restrict HTTP methods to GET, POST, HEAD
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$ [NC]
    RewriteRule .* - [F,L]

    # Route /app requests to index.php
    RewriteCond %{REQUEST_URI} ^/app/
    RewriteRule ^(.*)$ /index.php [L,QSA]

    # Don't rewrite if file exists
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^(.*)$ /index.php [L,QSA]
</IfModule>

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php8_module>
   php_value date.timezone "Europe/Paris"
</IfModule>
<IfModule lsapi_module>
   php_value date.timezone "Europe/Paris"
</IfModule>
# END cPanel-generated php ini directives, do not edit

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “alt-php84” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-alt-php84 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit