RewriteEngine On
RewriteBase /
## Force HTTPS when the front-end reports that the original request was plain HTTP.
## The rule only fires when an X-Forwarded-Proto header equal to "http" is present,
## so it presumably sits behind a TLS-terminating proxy or load balancer -- confirm
## that the proxy overwrites any X-Forwarded-Proto value supplied by the client.
## NOTE(review): the redirect target is built from the request's Host header, which
## the client controls; pin a canonical hostname here if the site has one.
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteEngine On
## Map the pretty path /test/<name> onto /test.php?name=<name>.
## Skipped when the request resolves to an existing file or directory.
## NOTE(review): <name> is taken verbatim from the URL (the capture can contain "/"),
## so test.php should treat the name parameter as untrusted input.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/?test/(.*?)/?$ /test.php?name=$1 [L]
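RewriteEngine On
## Deny direct access to specific paths with 403 Forbidden.
## RedirectMatch is provided by mod_alias; it does not depend on RewriteEngine.
## Dots are escaped so each pattern matches only the literal file name
## (an unescaped "." matches any single character).
RedirectMatch 403 ^/image/file$
RedirectMatch 403 ^/file\.jpg$
RedirectMatch 403 ^/image/file\.jpg$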
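RewriteEngine On
## Send requests that carry extra path segments after a .php script back to the index,
## e.g. www.abcdefg.com/folder/test.php/12345
## The dot is escaped so only a literal ".php/" triggers the redirect; the unescaped
## form also matched paths such as "/xphp/...".
RewriteRule ^(.*)\.php/(.*) /index.php [R=301,L]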
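RewriteEngine On
## Normal Security Policy
## These Header directives come from mod_headers and do not depend on RewriteEngine.
## Apache has no trailing-comment syntax: text after the value on a directive line is
## parsed as further arguments, so every alternative value is listed on its own
## comment line instead.

## Clickjacking protection. Valid values: DENY | SAMEORIGIN.
## A bare URL is not a valid value, and ALLOW-FROM is obsolete; to allow one specific
## origin use the CSP directive "frame-ancestors https://www.yourdomain.com" instead.
## "set" is used rather than "append": append would comma-join with any value already
## present, producing a value that is no longer a single directive.
Header always set X-Frame-Options "SAMEORIGIN"

## Legacy header: current browsers have dropped the XSS filter it controls.
## It is not a substitute for a real Content-Security-Policy.
Header set X-XSS-Protection "1; mode=block"

## Stop browsers from MIME-sniffing a response away from its declared Content-Type.
Header set X-Content-Type-Options "nosniff"

## NOTE(review): this removes X-Forwarded-Host from the *response*. If the intent was
## to keep a client-supplied X-Forwarded-Host away from the application, that needs
## "RequestHeader unset X-Forwarded-Host" -- confirm the intent.
Header unset X-Forwarded-Host

## Ask browsers to upgrade http:// subresource requests to https://.
Header always set Content-Security-Policy "upgrade-insecure-requests;"

## CORS. Allowed origin: * | https://www.yourdomain.com
## "*" lets any site read these responses from a browser; use the specific origin
## unless the content is meant to be public.
Header set Access-Control-Allow-Origin "*"

## Allowed methods; choose from: PUT, POST, GET, OPTIONS, DELETE
Header set Access-Control-Allow-Methods "POST, GET"

## Allowed request headers; choose from:
## Origin, X-Requested-With, Content-Type, Accept, Authorization
## ("Oring" in the earlier value was a typo for "Origin".)
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Authorization"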