# Protect Application Files
# Deny all direct web access to app directory

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [F,L]
</IfModule>

Options -Indexes

<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# Disable security scanning in app directory
<IfModule mod_security.c>
    SecRuleEngine Off
</IfModule>

<IfModule security2_module>
    SecRuleEngine Off
</IfModule>
