# In case you want to add a .htpasswd authentification
# you'll have to add the host of the shop as an allowed entity,
# so that calls from the host skip the authentification
# Example:
# Order Deny,Allow
# Deny from All
# AuthType Basic
# AuthName "Access not allowed"
# AuthUserFile path_to_htpasswd_file/.htpasswd
# Require valid-user
# Allow from localhost
# Satisfy Any
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} config.inc.php [NC]
RewriteRule ^config.inc.php index.php [R=301,L]
RewriteCond %{QUERY_STRING} fnc=(getShopVersion|getShopEdition|getRevision) [NC]
RewriteRule ^(.*)$ $1? [R=301,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RewriteCond %{REQUEST_URI} oxseo.php$
RewriteCond %{QUERY_STRING} mod_rewrite_module_is=off
RewriteRule oxseo.php$ oxseo.php?mod_rewrite_module_is=on [L]
RewriteCond %{REQUEST_URI} !(/admin/|/core/|/application/|/export/|/modules/|/out/|/setup/|/tmp/|/views/)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !(.html|/|.jpg|.css|.pdf|.doc|.gif|.png|.js|.htc|.svg)$ %{REQUEST_URI}/ [R=301,L]
RewriteCond %{REQUEST_URI} !(/admin/|/core/|/application/|/export/|/modules/|/out/|/setup/|/tmp/|/views/)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.html|/)$ oxseo.php
RewriteCond %{REQUEST_URI} (/out/pictures/generated/)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.jpe?g|.gif|.png|.svg)$ getimg.php
</IfModule>
# Deny access to console application entry point from HTTP
<Files "oxid">
order allow,deny
deny from all
</Files>
# disabling log file access from outside
<FilesMatch "(EXCEPTION_LOG.txt|.log|.tpl|pkg.rev|.ini|pkg.info|.pem)$">
order allow,deny
deny from all
</FilesMatch>
# Prevent .ht* files from being sended to outside requests
<Files ~ "^.ht">
Order allow,deny
Deny from all
</Files>
Options -Indexes
DirectoryIndex index.php index.html