From 7bff4a2d800989550f4f962c193ca2b42278f250 Mon Sep 17 00:00:00 2001
From: Thasan <thasan@koodaa.net>
Date: Fri, 30 Oct 2015 14:36:40 +0200
Subject: [PATCH] Allowing access only to index.php, admin.php, api.php and
 assets folder

---
 .htaccess | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/.htaccess b/.htaccess
index 93eba0a..200123c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -3,21 +3,12 @@
 
 <IfModule mod_authz_host.c>
   Require all granted
-
-  <Files flarum/*>
-    Require all denied	  
-  </Files>
 </IfModule>
 <IfModule !mod_authz_host.c>
   Order Allow,Deny
   Allow from all
-
-  <Files flarum/*>
-    Deny from All
-  </Files>
 </IfModule>
 
-
 <IfModule mod_rewrite.c>
   RewriteEngine on
 
@@ -26,12 +17,13 @@
   RewriteRule ^api(.*)$ api.php [QSA,L]
   RewriteRule ^admin(.*)$ admin.php [QSA,L]
 
-  RewriteCond %{REQUEST_FILENAME} !-f
-  RewriteCond %{REQUEST_FILENAME} !-d
-  RewriteRule ^(.*)$ index.php [QSA,L]
+  RewriteRule !^assets index.php [QSA,L]
   
   # MultiViews can mess up our rewriting scheme
   Options -MultiViews
+
+  # Autoindex will list all assets files which is not so good
+  Options -Indexes
 </IfModule>
 
 <IfModule mod_deflate.c>