# Extra Security Headers
<IfModule mod_headers.c>
	Header set X-XSS-Protection "1; mode=block"
	Header always append X-Frame-Options SAMEORIGIN
	Header set X-Content-Type-Options nosniff
	Header unset X-Powered-By
</IfModule>
<IfModule mod_rewrite.c>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]


	RewriteEngine On
	RewriteBase /portal

	# Force to exclude the trailing slash
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_URI} (.*)/$
	RewriteRule ^(.+)/$ $1 [R=307,L]

	# Restrict php files direct access
	RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ]
	RewriteRule \.php$ - [F]

	# Allow any files or directories that exist to be displayed directly
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d

	RewriteRule ^(.*)$ index.php?$1 [QSA,L]
    php_flag session.cookie_httponly on
    Options -Indexes
    Options -MultiViews


</IfModule>
