Deny from all RewriteEngine on #RewriteCond %{HTTPS} !^on$ #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # if a directory or a file exists, use it directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # otherwise forward it to index.php RewriteRule . index.php