DirectoryIndex index.php
Options -Indexes

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

<FilesMatch "^\.env">
    Require all denied
</FilesMatch>

<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "same-origin"
    Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^api/mcp/user/?(.*)$ api/mcp/user/index.php [QSA,L]
    RewriteRule ^includes/ - [F,L]
</IfModule>
