RewriteEngine On

# Add these rules to route all requests through index.php
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]

# Prevent access to 'public' directory directly
RewriteCond %{REQUEST_URI} ^/public/
RewriteRule ^(.*)$ - [F,L]

# Prevent directory listing
Options -Indexes

# Additional security
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Prevent access to sensitive files
<FilesMatch "\.(env|htaccess|htpasswd|ini|log|conf|sh)$">
    Require all denied
</FilesMatch>