# ── Block PHP execution inside uploads ───────────────────────────────────────
# This prevents malicious PHP files being uploaded and executed

<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)$">
    Order deny,allow
    Deny from all
</FilesMatch>

# Block directory listing
Options -Indexes

# Allow only image files
<FilesMatch "\.(jpg|jpeg|png|gif|webp|svg)$">
    Order allow,deny
    Allow from all
</FilesMatch>
