# =====================================================
# UPLOADS DIRECTORY .HTACCESS
# Prevent PHP Execution in Uploads
# =====================================================

# Prevent PHP Execution
<FilesMatch "\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Only Allow Specific File Types
<FilesMatch "\.(jpg|jpeg|png|gif|webp|pdf|doc|docx)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</FilesMatch>

# Prevent Directory Browsing
Options -Indexes

# Disable Script Execution
RemoveHandler .php .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .py .rb .sh
RemoveType .php .phtml .php3 .php4 .php5 .php6 .phps .cgi .pl .py .rb .sh

# Security Headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>