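# Uploads directory policy: deny by default, serve a fixed allow-list of
# static file types, and never execute anything stored here.
#
# This file only takes effect if the server's AllowOverride setting permits
# these directives. With "AllowOverride None" Apache ignores it silently and
# none of the protections below apply. After deploying, request a test .php
# file from this directory and confirm the response is 403.

# Default rule: refuse every request for a file in this directory.
# Apache 2.4 uses Require; the Order/Deny form is kept for 2.2 servers.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
</IfModule>

# Exception: files with these extensions are served to ANY client that knows
# the URL. This is not an "application only" restriction. If uploads must be
# private, remove this section and stream files through authenticated
# application code instead.
# The match is case-sensitive and looks only at the final extension, so
# "photo.JPG" stays denied. The file's actual content is not checked.
<FilesMatch "\.(jpg|jpeg|png|gif|webp|pdf|doc|docx|xls|xlsx)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</FilesMatch>

# CRITICAL SECURITY: refuse script files outright.
# This section must stay AFTER the allow-list so that it wins when both match.
# The pattern is case-insensitive and matches a script extension anywhere in
# the name, so multi-extension names such as "name.php.jpg" are refused
# rather than served through the allow-list above.
<FilesMatch "(?i)\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)(\.|$)">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</FilesMatch>

# Disable the PHP engine for this directory when mod_php is loaded.
# php_flag is only a valid directive under mod_php. Unguarded, it makes every
# request to this directory fail with a 500 error on PHP-FPM/CGI servers.
# On those servers PHP must be disabled for this path in the server or pool
# configuration; the access rules above are then the only barrier in this file.
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>

# No CGI execution and no directory listing.
Options -ExecCGI -Indexes

# Drop extension-to-handler mappings for this directory.
# NOTE(review): this undoes AddHandler-style mappings only. A handler assigned
# with SetHandler in the server configuration is not affected. Confirm how
# PHP is wired up on the target server.
RemoveHandler .php .phtml .php3 .php4 .php5 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .htm .html .js

# Tell browsers to honour the declared Content-Type instead of sniffing it,
# so an uploaded file is not reinterpreted as HTML or script.
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>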