# ----------------------------------------------------------------------
# | 8G Firewall for Security - Do not change this part @Update 03/2024
# ----------------------------------------------------------------------

# 8G FIREWALL v1.5 20250927
# https://perishablepress.com/8g-firewall/

# 8G:[CORE]
ServerSignature Off
Options -Indexes
RewriteEngine On
RewriteBase /

SetEnv TZ Australia/Hobart
Options +SymLinksIfOwnerMatch

<FilesMatch "(?i)\.(tpl|ini|log)$">
	Require all denied
</FilesMatch>

# Allow Robots.txt to pass through
RewriteRule ^robots.txt - [L]
RewriteCond %{REQUEST_URI} !^(/\.well-known)

RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ http://%{HTTP_HOST}? [R=301,L]

# ── Block all other dotfiles ───────────────────────────────────────────────
RewriteRule (?:^|/)\. - [F,L]

# ── www → non-www (301) ────────────────────────────────────────────────────
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]

# ── Pass existing .php files directly (prevent vhost modX routing) ─────────
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule \.php$ - [L]
