From ffa5b4ddb7fa8ad620d7e07c7a4ec3a88239f3b9 Mon Sep 17 00:00:00 2001
From: FrancescoUK <francesco.lodolo.uk@gmail.com>
Date: Thu, 8 Sep 2016 18:11:42 +0100
Subject: [PATCH] Update .htaccess to cover subdomain cases and protect dir
 content (#624)

---
 public/.htaccess | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/public/.htaccess b/public/.htaccess
index e90dff92a..a214205df 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,4 +1,38 @@
 RewriteEngine On
+
+# To redirect a subdomain to a subdir because of https not supporting wildcards
+# replace values between <> with your ones
+# RewriteCond %{HTTP_HOST} ^<OSPOS subdomain>\.<my web domain>\.com$ [OR]
+# RewriteCond %{HTTP_HOST} ^www\.<OSPOS subdomain>\.<my web domain>\.com$
+# RewriteRule ^/?$ "https\:\/\/www\.<my web domain>\.com\/<OSPOS path>" [R=301,L]
+
+# To rewrite "domain.com -> www.domain.com" uncomment the following lines.
+# RewriteCond %{HTTPS} !=on
+# RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
+# RewriteCond %{HTTP_HOST} (.+)$ [NC]
+# RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
+
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
-RewriteRule ^(.*)$ index.php/$1 [L]
+# if in web root
+RewriteRule ^(.*)$ index.php?/$1 [L]
+# if in subdir comment above line, uncomment below one and replace <OSPOS path> with your path
+# RewriteRule ^(.*)$ /<OSPOS path>/public/index.php?/$1 [L]
+
+# disable directory browsing
+# For security reasons, Option all cannot be overridden.
+#Options All -Indexes
+Options +ExecCGI +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
+
+# secure htaccess file
+<Files .htaccess>
+  Order allow,deny
+  Deny from all
+</Files>
+
+<IfModule mod_expires.c>
+  <FilesMatch "\.(jpe?g|png|gif|js|css)$">
+    ExpiresActive On
+    ExpiresDefault "access plus 1 week"
+  </FilesMatch>
+</IfModule>
\ No newline at end of file