# Route anything that isn't a real file or directory to the front controller.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^ index.php [QSA,L]
</IfModule>

# Don't leak the .env or composer files if someone mis-configures the docroot.
<FilesMatch "^(\.env|composer\.(json|lock))$">
    Require all denied
</FilesMatch>