# Deny execution of PHP files in uploads
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

<IfModule mod_php7.c>
    php_flag engine off
</IfModule>

<IfModule mod_php8.c>
    php_flag engine off
</IfModule>

# Block PHP files
<FilesMatch "\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# Only allow specific image types
<FilesMatch "\.(?!(jpg|jpeg|png|gif|webp)$)[^.]*$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
</FilesMatch>

# Disable script execution
Options -ExecCGI
AddHandler cgi-script .php .php5 .php7 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
