##PREVENTING EXPLOITS
#$HTTP["querystring"] =~ "base64_encode[^(]*\([^)]*\)" {
#    url.redirect = (".*" => "/index.php"       )
#}
#$HTTP["querystring"] =~ "(<|%3C)([^s]*s)+cript.*(>|%3E)" {
#    url.redirect = (".*" => "/index.php" )
#}
#$HTTP["querystring"] =~ "GLOBALS(=|\[|\%[0-9A-Z])" {
#    url.redirect = (".*" => "/index.php" )
#}
#$HTTP["querystring"] =~ "_REQUEST(=|\[|\%[0-9A-Z])" {
#    url.redirect = (".*" => "/index.php" )
#}

#REROUTING TO THE INDEX PAGE
url.rewrite-if-not-file = (
    "^/(.*)$" => "/index.php/$1"
)

##IMPROVING SECURITY
#$HTTP["url"] =~ "^/(LICENSE.txt|composer.json|composer.lock|nginx.conf|web.config)$" {
#    url.access-deny = ("")
#}
#$HTTP["url"] =~ "^/(.git|cache|bin|logs|backup|tests)/(.*)" {
#    url.access-deny = ("")
#}
#$HTTP["url"] =~ "^/(system|user|vendor)/(.*)\.(txt|md|html|yaml|php|twig|sh|bat)$" {
#    url.access-deny = ("")
#}
#$HTTP["url"] =~ "^/(\.(.*))" {
#    url.access-deny = ("")
#}
#url.access-deny = (".md","~",".inc")

#PREVENT BROWSING AND SET INDEXES
$HTTP["url"] =~ "^/($|/)" {
    dir-listing.activate = "disable"
    index-file.names = ( "index.php", "index.html" , "index.htm" )
}