<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Block unauthorized redirections on the login page
    RewriteCond %{REQUEST_URI} ^/login$ [NC]  # Match the login page URL
    RewriteCond %{QUERY_STRING} envato\.appbusket\.com [NC,OR]  # Block query strings referencing envato.appbusket.com
    RewriteCond %{HTTP_REFERER} envato\.appbusket\.com [NC,OR]  # Block referrers referencing envato.appbusket.com
    RewriteCond %{THE_REQUEST} envato\.appbusket\.com [NC]  # Block requests containing envato.appbusket.com
    RewriteRule ^ - [F,L]  # Forbid access if any condition matches

    # Block direct access to license.js
    RewriteCond %{QUERY_STRING} license\.js [NC]
    RewriteRule ^ - [F,L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

# Add Content Security Policy (CSP) ONLY for the login page
<IfModule mod_headers.c>
    <Files "login">
        Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' https://trusted-cdn.com;"
        Header always set Referrer-Policy "no-referrer"
    </Files>
</IfModule>

# Prevent directory listing
Options -Indexes

# Prevent access to sensitive files
<FilesMatch "\.(htaccess|ini|log|conf)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php82” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php82 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

• [D] .cagefs
• [D] .caldav
• [D] .cl.selector
• [D] .config
• [D] .cpanel
• [D] .htpasswds
• [D] .koality
• [D] .npm
• [D] .razor
• [D] .softaculous
• [D] .spamassassin
• [D] .subaccounts
• [D] .trash
• [D] .wp-cli
• [D] access-logs
• [D] agiza.evuvo.co.ke
• [D] app.secaapital.co.ke
• [D] app.secapital.co.ke
• [D] demo.secapital.co.ke
• [D] etc
• [D] evuvo.co.ke
• [D] fh.evuvo.co.ke
• [D] fineplast.evuvo.co.ke
• [D] hd.evuvo.co.ke
• [D] hela.evuvo.co.ke
• [D] hm.secapital.co.ke
• [D] hub.evuvo.co.ke
• [D] kk.evuvo.co.ke
• [D] kp.evuvo.co.ke
• [D] kps.evuvo.co.ke
• [D] ks.evuvo.co.ke
• [D] lend.evuvo.co.ke
• [D] Lendapp
• [D] lendplus.evuvo.co.ke
• [D] lendy.secapital.co.ke
• [D] lendyapp
• [D] logs
• [D] lscache
• [D] mail
• [D] mg.evuvo.co.ke
• [D] nodevenv
• [D] pos.evuvo.co.ke
• [D] public_ftp
• [D] public_html
• [D] qadmin.evuvo.co.ke
• [D] qapp.evuvo.co.ke
• [D] repositories
• [D] res.evuvo.co.ke
• [D] respos.evuvo.co.ke
• [D] rest.evuvo.co.ke
• [D] sc.secapital.co.ke
• [D] seapp
• [D] seapp.secapital.co.ke
• [D] selendy
• [D] semfi.evuvo.co.ke
• [D] ssl
• [D] test.secapital.co.ke
• [D] test2.secapital.co.ke
• [D] testy
• [D] tmp
• [D] wordpress-backups
• [D] ws.evuvo.co.ke
• [D] www
• [F] .bash_logout
  Delete
• [F] .bash_profile
  Delete
• [F] .bashrc
  Delete
• [F] .gemrc
  Delete
• [F] .imunify_patch_id
  Delete
• [F] .lastlogin
  Delete
• [F] .myimunify_id
  Delete
• [F] .spamassassinboxenable
  Delete
• [F] .spamassassinenable
  Delete
• [F] .wp-toolkit-identifier
  Delete
• [F] agiza.evuvo.co.ke.zip
  Delete
• [F] app.evuvo.co.ke
  Delete
• [F] error_log
  Delete
• [F] fh.secapital.co.ke
  Delete
• [F] lend.secapital.co.ke
  Delete
• [F] lendy.evuvo.co.ke
  Delete
• [F] was.evuvo.co.ke
  Delete
• [F] ziATSHpa
  Delete