Header append X-FRAME-OPTIONS "SAMEORIGIN"
<IfModule mod_rewrite.c>

#RewriteEngine On
#RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]


	RewriteEngine On
	RewriteBase /portal

	# Force to exclude the trailing slash
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteCond %{REQUEST_URI} (.*)/$
	RewriteRule ^(.+)/$ $1 [R=307,L]

	# Restrict php files direct access
	RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ]
	RewriteRule \.php$ - [F]

	# Allow any files or directories that exist to be displayed directly
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d

	RewriteRule ^(.*)$ index.php?$1 [QSA,L]
    php_flag session.cookie_httponly on
    Options -Indexes
    Options -MultiViews


</IfModule>
