LoadModule access_compat_module lib/httpd/modules/mod_access_compat.so #needed for Allow/Deny
LoadModule rewrite_module modules/mod_rewrite.so #needed for pretty URLs

<VirtualHost *:80>
  ServerName localhost

  DocumentRoot "/www"
  DirectoryIndex index.php

  #FPM support (optional), note that this section must be before the deny rules below to ensure only allowed php files are forwarded to PHP
  <LocationMatch \.php$>
    ProxyPassMatch fcgi://127.0.0.1:9000/www
  </LocationMatch>

  #Deny access to bash, cache and include (except plugin images, script and style, e.g. include/plugins/plugin/style/*.css)
  <LocationMatch (bash|cache|include)/>
    Deny from all
  </LocationMatch>
  <LocationMatch (images|script|style)/.*\.(png|jpg|gif|css|js)>
    Allow from all
  </LocationMatch>

  #Pretty URLs
  RewriteEngine on
  RewriteCond %[DOCUMENT_ROOT]%[REQUEST_FILENAME] !-d
  RewriteCond %[DOCUMENT_ROOT]%[REQUEST_FILENAME] !-f
  RewriteCond %[DOCUMENT_ROOT]%[REQUEST_FILENAME] !-l
  RewriteRule ^ /index.php

</VirtualHost>

server {
  listen 80;
  server_name localhost;

  root /www;
  index index.php;

  #Pretty URLs
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  #Deny access to bash, cache and include (except plugin images, script and style, e.g. include/plugins/plugin/style/*.css)
  location ~ (images|script|style)/.*\.(png|jpg|gif|css|js) {
    allow all;
  }
  location ~ (bash|cache|include)/ {
    deny all;
  }

  #FPM support
  location ~ \.php$ {
    fastcgi_pass localhost:9000;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}