# ===========================================================================
# Use this file ONLY when the document root is the PROJECT ROOT (the common
# cPanel case: you uploaded everything into public_html). It forwards all
# traffic into the public/ folder so the front controller can handle routing.
#
# If you instead set your domain's Document Root directly to the public/
# folder, this file is not needed.
# ===========================================================================

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Allow the installer to be reached directly
    RewriteRule ^setup\.php$ - [L]

    # Do not re-forward requests that are already inside public/
    RewriteRule ^public/ - [L]

    # Forward everything else into public/
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

# Block direct access to sensitive files
<FilesMatch "(^\.env$|\.sql$|\.log$|composer\.(json|lock))">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
