<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # Allow direct access to files that actually exist in the public directory
    RewriteCond %{DOCUMENT_ROOT}/public/$1 -f
    RewriteRule ^(.*)$ public/$1 [L]

    RewriteCond %{DOCUMENT_ROOT}/public/$1 -d
    RewriteRule ^(.*)$ public/$1/ [L]

    # Block direct access to sensitive directories
    RewriteRule ^(app|bootstrap|config|database|resources|routes)/ - [F,L]

    # Everything else goes through the front controller
    RewriteRule ^ public/index.php [QSA,L]
</IfModule>

DirectoryIndex public/index.php