diff --git a/.htaccess b/.htaccess
index fa03281f36..addf8fbad9 100755
--- a/.htaccess
+++ b/.htaccess
@@ -1,14 +1,18 @@
-# redirect to public page
-
- RewriteEngine On
- RewriteCond %{REQUEST_URI} !^public$
- RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
- RewriteRule "^(.*)$" "/public/" [R=301,L]
-
+
+## by default opensourcepos uses only apache2 rules and close related tricks..
+## if you already wants that uncomment those lines
+## and property setup rewrite path (if you do not hijacked root webserver)
+## due all are redirect to public page in public directory for security issues
+#
+# RewriteEngine On
+# RewriteCond %{REQUEST_URI} !^public$
+# RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
+# RewriteRule "^(.*)$" "/public/" [R=301,L]
+#
# disable directory browsing
# For security reasons, Option all cannot be overridden.
-Options +SymLinksIfOwnerMatch -Indexes
+Options +Includes +IncludesNOEXEC +SymLinksIfOwnerMatch -Indexes
# prevent folder listing
IndexIgnore *
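Review bot: The new `Options` line turns on server-side includes for the whole tree, and nothing visible in this commit uses them. As far as I know, `Includes` permits `#exec` while `IncludesNOEXEC` does not, so adding both with `+` most likely leaves exec enabled rather than restricting it. If SSI is not needed, keep `Options +SymLinksIfOwnerMatch -Indexes`; if it is, use only `+IncludesNOEXEC`. The same hunk makes the redirect to `/public/` opt-in, so with the default file anything stored beside `public/` is presumably reachable by URL unless something else denies it. The added comment block should say so plainly, e.g. `## Without this redirect, deny direct access to everything outside public/ by other means (vhost DocumentRoot or per-directory rules).`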
diff --git a/index.php b/index.php
new file mode 100644
index 0000000000..1e0da29382
--- /dev/null
+++ b/index.php
@@ -0,0 +1,12 @@
+
diff --git a/public/.htaccess b/public/.htaccess
index 20aeda3d83..e92a498128 100644
--- a/public/.htaccess
+++ b/public/.htaccess
@@ -1,5 +1,6 @@
RewriteEngine On
+# Please read first the .htaccess file in the parent directory
# To redirect a subdomain to a subdir because of https not supporting wildcards
# replace values between <> with your ones
# RewriteCond %{HTTP_HOST} ^\.\.com$ [OR]
@@ -11,10 +12,10 @@ RewriteEngine On
# RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
# RewriteCond %{HTTP_HOST} (.+)$ [NC]
# RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteCond %{REQUEST_FILENAME} !-d
+# RewriteCond %{REQUEST_FILENAME} !-f
+# RewriteCond %{REQUEST_FILENAME} !-d
# if in web root
-RewriteRule ^(.*)$ index.php?/$1 [L]
+# RewriteRule ^(.*)$ index.php?/$1 [L]
# if in subdir comment above line, uncomment below one and replace with your path
# RewriteRule ^(.*)$ //public/index.php?/$1 [L]
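Review bot: Commenting out the `!-f` / `!-d` conditions and `RewriteRule ^(.*)$ index.php?/$1 [L]` disables front-controller routing by default, and the hunk adds no comment saying when to re-enable it. Requests under `public/` that do not map to a real file would then presumably be answered by Apache itself instead of reaching `index.php`, so existing installs that rely on clean URLs would stop resolving after an upgrade. I would add a line above the block such as `# Front-controller routing is off by default; uncomment the next three directives when public/ is served as the web root.` The existing `# if in web root` comment now sits between commented-out directives and should stay directly above the rule it describes.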
@@ -60,4 +61,4 @@ IndexIgnore *
ExpiresActive On
ExpiresDefault "access plus 1 week"
-
\ No newline at end of file
+