Testing article
# Use mod_rewrite to enable "Clean URLs"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Allow PUT, DELETE, OPTIONS methods (OJS API needs this)
RewriteCond %{REQUEST_METHOD} ^(PUT|DELETE|OPTIONS)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect index.php requests to remove it from URL
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [QSA,L]
</IfModule>
# Allow additional HTTP methods explicitly
<LimitExcept GET POST PUT DELETE OPTIONS>
Deny from all
</LimitExcept>
# Protect sensitive files
<FilesMatch "\.(htaccess|htpasswd|ini|log|conf|env)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# Prevent directory browsing
Options -Indexes
# Optional: Basic security headers
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
</IfModule>