# Define some error documents
ErrorDocument 401 "Access Forbidden"
ErrorDocument 403 {BASE_DIR}error_document?code=403
ErrorDocument 404 {BASE_DIR}error_document?code=404
ErrorDocument 410 {BASE_DIR}error_document?code=410
ErrorDocument 500 "Internal Server Error"

# Deny showing indexes for directory content - Uncomment if supported by you web host
#Options -Indexes

# URL-rewriting
<IfModule mod_rewrite.c>
  RewriteEngine on

  # Tell PHP that the mod_rewrite module is enabled
  <IfModule mod_env.c>
    SetEnv MOD_REWRITE On
  </IfModule>

  # Force HTTPS (Standard SSL)
  #RewriteCond %{HTTPS} off
  #RewriteCond %{REQUEST_METHOD} !=POST
  #RewriteCond %{REQUEST_URI} !^/\.well-known/
  #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  # Force HTTPS (Proxy Servers, Load Balancing Servers, CloudFlare Flexi SSL)
  #RewriteCond %{HTTPS} off
  #RewriteCond %{HTTP:X-Forwarded-Proto} =http
  #RewriteCond %{REQUEST_METHOD} !=POST
  #RewriteCond %{REQUEST_URI} !^/\.well-known/
  #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  # Redirect non-www to www
  #RewriteCond %{HTTP_HOST} !^www\.
  #RewriteCond %{REQUEST_METHOD} !=POST
  #RewriteCond %{REQUEST_URI} !^/\.well-known/
  #RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  # Redirect www to non-www
  #RewriteCond %{HTTP_HOST} ^www\.(.*)$
  #RewriteCond %{REQUEST_METHOD} !=POST
  #RewriteCond %{REQUEST_URI} !^/\.well-known/
  #RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

  # Redirect from any alias domain to primary domain
  #RewriteCond %{HTTP_HOST} !^www\.mydomain\.com
  #RewriteCond %{REQUEST_METHOD} !=POST
  #RewriteCond %{REQUEST_URI} !^/\.well-known/
  #RewriteRule ^ https://www.mydomain.com%{REQUEST_URI} [R=301,L]

  # Web path to application root
  RewriteBase {BASE_DIR}

  # No rewrite logic for physical files
  RewriteCond %{REQUEST_FILENAME} -d [OR]
  RewriteCond %{REQUEST_FILENAME} -f [OR]
  RewriteCond %{REQUEST_FILENAME} -l
  RewriteRule ^ - [L]

  RewriteRule ^ index.php [QSA,L]
</IfModule>

# Deny access to content
<FilesMatch "\.(htaccess|htpasswd|inc\.php)$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
  </IfModule>
</FilesMatch>

# Cacheable external content
<IfModule mod_headers.c>
  <FilesMatch "\.(a?png|avif|bmp|css|eot|gif|ico|jpe?g|jp2|js|otf|pdf|svg|tiff?|ttf|webp|woff2?)$">
    Header set Cache-Control "max-age=604800, public, must-revalidate"
  </FilesMatch>
</IfModule>

# GZip compress external content
<IfModule mod_deflate.c>
  <FilesMatch "\.(css|js|svg)$">
    SetOutputFilter DEFLATE
  </FilesMatch>
</IfModule>
