.htaccess

Options -Indexes
DirectoryIndex index.php index.html index.htm
<IfModule mod_rewrite.c>
	RewriteEngine on
	#RewriteBase /;
	## Begin - Rewrite rules to block out some common exploits.
	# Block out any script trying to base64_encode data within the URL.
	RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
	# Block out any script that includes a <script> tag in URL.
	RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
	# Block out any script trying to set a PHP GLOBALS variable via URL.
	RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
	# Block out any script trying to modify a _REQUEST variable via URL.
	RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
	# Return 403 Forbidden header and show the content of the root homepage
	RewriteRule .* index.php [F]
	#
	## End - Rewrite rules to block out some common exploits.

	## Begin
	#
	RewriteCond %{REQUEST_URI} !^/index\.php
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule ^(.*)/(.*)/ index.php?file=$2 [L]
	#
	## End 
</IfModule>

<files ~ "\.(php|php.*|sphp|php3|php4|php5|phtml|cgi|pl|shtml|dhtml|html|htm|txt|dat)$">
deny from all
</files>

<files add.php>
allow from all
</files>

<files index.php>
allow from all
</files>

<files login.php>
allow from all
</files>

<files debug.php>
allow from all
</files>

<files proccess.php>
allow from all
</files>

<files log.txt>
deny from all
</files>

<files ~ "^\.">
deny from all
</files>