### File security
# Exclude direct access to tpl, tpl.xml, inc.php, sql extensions
#
<Files ~ "\.(tpl|tpl.xml|inc.php|sql)$">
  order allow,deny
  deny from all
</Files>

# Exclude direct access
<Files ~ "(config.php|debug.php)">
  order allow,deny
  deny from all
</Files>

## Enable mod-rewrite
RewriteEngine On

###### Rewrite rules to block common hacks
## If you experience problems comment out the operations listed below
## Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
## Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
## Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
## Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
## Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]

## Uncomment line below if FollowSymLinks option is not enabled
## by default in server configuration
#
# Options +FollowSymLinks

## Uncomment following line if your webserver's URL
## is not directly related to physical file paths.
## Update Your In-Portal Directory (just / for root)
#
# RewriteBase /

## In-Portal SEF URLs
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/ !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|js|css|ico|swf)$ [NC]
RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]