# php_value max_execution_time 300000
# php_value max_input_time 120000
# php_value memory_limit 128M
# php_value post_max_size 100M
# php_value upload_max_filesize 100M
# php_value session.gc_maxlifetime 144000

Options -Indexes
Options +FollowSymlinks
<Files .htaccess>
    deny from all
</Files> 
<Files ~ "^(.*)\.(inc|inc\.php|tpl|log)$">
    deny from all
</Files>
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>


RewriteEngine On
# RewriteBase /webchat

    #### block out some common exploits
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} SELECT(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} UNION(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} UPDATE(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^([^.]*)/?$ index.php [L]

    #### www redirection (in case you need it) ####
# RewriteCond %{HTTP_HOST} ^your-domain.com.com [NC]
# RewriteRule ^(.*)$ http://www.your-domain.com/$1 [L,R=301]

    #### non www redirection (in case you need it) ####
# RewriteCond %{HTTP_HOST} ^your-domain.com [NC]
# RewriteRule ^(.*)$ http://your-domain.com/$1 [L,R=301]

    #### Image Hotlink Protection ####
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?your-domain.com [NC]
# RewriteRule \.(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_URI}  ^/logout
RewriteRule ^logout index.php?actions=logout [L,QSA]
