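# Deny HTTP access to environment files (Apache 2.4 authorization syntax).
# A name-prefix regex replaces the exact-name match so that suffixed copies
# (.env.local, .env.bak, ...) are refused as well, not only ".env" itself.
# This is a backstop: files holding credentials are better kept outside the
# web root entirely.
<FilesMatch "^\.env">
  Require all denied
</FilesMatch>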

# Turn off content negotiation so Apache does not map /page to page.php by
# itself; extensionless URLs are presumably meant to be resolved only by the
# rewrite rules in this file.
Options -MultiViews

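<IfModule mod_rewrite.c>
  RewriteEngine On

  # Protect PDF signing certificate/private key storage.
  # Keep this rule first so no later rewrite is ever applied to the path.
  # NC: match regardless of letter case, so a differently-cased URL cannot
  # reach the directory on a case-insensitive filesystem. The (/|$) form also
  # refuses the bare directory name without a trailing slash.
  # NOTE(review): this rule lives inside <IfModule mod_rewrite.c>; if the
  # module is not loaded the whole block is skipped silently and app/private/
  # is served like any other directory. Key material is safer outside the web
  # root, or behind "Require all denied" in a .htaccess inside app/private/.
  RewriteRule ^app/private(/|$) - [F,L,NC]

  # Show the app root instead of index.php in the browser address bar.
  # THE_REQUEST is the request line as the client sent it and is not changed
  # by internal rewrites, so the redirect fires only for URLs the client
  # actually asked for and cannot loop with the internal rewrite at the end.
  # Only GET/HEAD are redirected; a 301 on other methods could drop the body.
  RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
  RewriteCond %{THE_REQUEST} \s/+(.*/)?index\.php[?\s] [NC]
  RewriteRule ^index\.php$ /%1 [R=301,L,NE]

  # Redirect direct .php page requests to extensionless URLs.
  # "/+" consumes every leading slash, so the captured path in %1 never
  # starts with "/" and the "/%1" target stays a path on this host.
  # NE: %1 comes from the raw request line and is already percent-encoded.
  RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ [NC]
  RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[?\s] [NC]
  RewriteRule ^(.+)\.php$ /%1 [R=301,L,NE]

  # Serve extensionless URLs from matching PHP files.
  # Applies only when the request is not an existing directory or file and a
  # file of the same name with ".php" appended exists; QSA keeps the query.
  # NOTE(review): REQUEST_FILENAME can be resolved with trailing path info
  # split off; confirm that /page/extra (where only page.php exists) returns
  # 404 rather than a rewrite loop ending in a 500.
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME}.php -f
  RewriteRule ^(.+?)/?$ $1.php [L,QSA]
</IfModule>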
