<IfModule mod_rewrite.c>
    Options +FollowSymLinks -Indexes
    RewriteEngine On
# LOG AND DENY ACCESS TO CORE DIRs
    RewriteRule "^(src|models|views|controllers|includes|forms|templates|sql|classes|settings|uploads|notes|configs|vendor|node_modules)/(.*)$" "index.php?route=/app/home&m=deny&f=$1/$2" [NC,L]
# TRACE and TRACK HTTP methods disabled to prevent XSS attacks
    RewriteCond "%{REQUEST_METHOD}" "^TRAC[EK]"
    RewriteRule ".*" "-" [L,R=405]
# API
# never rewrite for existing files, directories and links
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteCond "%{REQUEST_FILENAME}" "!-l"
    RewriteRule "^(api|api2)/([^/]*)/([^/]*)/([^/]*)/([^/]*)$" "index.php?project=$2&route=/$3/$4&m=$5&$1=true" [QSA,L]
# Mobile
    RewriteCond "%{HTTP_USER_AGENT}" "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteCond "%{REQUEST_FILENAME}" "!-l"
    RewriteRule "^([^/]*)/([^/]*)/([^/]*)/([^/]*)\.html$" "index.php?project=$1&route=/$2/$3&m=$4&mobile=true" [QSA,L]
# Site
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteCond "%{REQUEST_FILENAME}" "!-l"
    RewriteRule "^([^/]*)/([^/]*)/([^/]*)/([^/]*)\.html$" "index.php?project=$1&route=/$2/$3&m=$4" [QSA,L]
# always send 404 on missing files in these folders
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteCond "%{REQUEST_FILENAME}" "!-l"
    RewriteRule "^(assets|skin|js|css|public)/(.*)$" "-" [R=404,L,NS]
# Short Hand Site
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteCond "%{REQUEST_FILENAME}" "!-l"
    RewriteRule "^([^/]*)/([^/]*)/([^/]*)/$" "index.php?project=$1&route=/$2/$3&m=index" [QSA,L]
# rewrite everything not found to index.php
    RewriteCond "%{REQUEST_FILENAME}" "!-f"
    RewriteCond "%{REQUEST_FILENAME}" "!-d"
    RewriteCond "%{REQUEST_FILENAME}" "!-l"
    RewriteRule ".*" "index.php" [L]
</IfModule>

#ErrorDocument 404 /404.php

<Files *.php>
  Order allow,deny
  Deny from all
</Files>

<Files .gitignore>
  Order allow,deny
  Deny from all
</Files>

<Files *.tpl>
    Header set Content-Type "text/x-handlebars-template; charset=UTF-8"
    AddCharset UTF-8 .tpl
</Files>

<Files index.php>
  Order allow,deny
  Allow from all
</Files>