.htaccess

RewriteEngine on

# Some hosts require a rewritebase rule, if so, uncomment the RewriteBase line below. If you are running from a subdirectory, your rewritebase should match the name of the path to where stacey is stored.
# ie. if in a folder named 'stacey', RewriteBase /stacey
#RewriteBase /

ErrorDocument 404 /404.html

# Rewrite any calls to *.html, *.json, *.xml, *.atom, *.rss, *.rdf or *.txt if a folder matching * exists
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !public/
RewriteCond %{DOCUMENT_ROOT}/public/$1.$2 !-f
RewriteRule (.+)\.(html|json|xml|atom|rss|rdf|txt)$ $1/ [L]

# Add a trailing slash to directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.|\?)
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ([^/]+)$ $1/ [L]

# Rewrite any calls to /render to the image parser
RewriteCond %{REQUEST_URI} render/
RewriteRule ^render/. app/parsers/slir/ [L]

# Rewrite any calls to /* or /app to the index.php file
RewriteCond %{REQUEST_URI} /app/$
RewriteRule ^app/ index.php [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ index.php?/$1/ [L,QSA]

# Rewrite any file calls to the public directory
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !public/
RewriteRule ^(.+)$ public/$1 [L]

# Allow basic authentication
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Prevent access to .txt files
<Files ~ "\.txt$">
  Order allow,deny
  Deny from all
</Files>

# Increase cookie security
<IfModule php5_module>
  php_value session.cookie_httponly true
</IfModule>