Options -Indexes
AddType application/x-java-archive .jar
AddType audio/ogg .oga
#SSLCipherSuite HIGH:AES256-SHA:AES128-SHA:RC4:!aNULL:!eNULL:!EDH

# don't allow any web access to logfiles, even after rotation/compression
<FilesMatch "\.(out|log|gz)$">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
  </IfModule>
</FilesMatch>

<IfModule mod_rewrite.c>
  RewriteEngine on
  # Protect repository directory from browsing
  RewriteRule "(^|/)\.git" - [F]
  RewriteRule "(^|/)store" - [F]

  # Rewrite current-style URLs of the form 'index.php?q=x'.
  # Also place auth information into REMOTE_USER for sites running
  # in CGI mode.

  RewriteCond %{REQUEST_URI} ^/\.well\-known/.*
  RewriteRule ^(.*)$ index.php?q=$1 "[E=REMOTE_USER:%{HTTP:Authorization},L,QSA,B= ?]"

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?q=$1 "[E=REMOTE_USER:%{HTTP:Authorization},L,QSA,B= ?]"
</IfModule>