# Block execution of PHP and other server-side scripts in this upload directory.
# This prevents uploaded webshells from being executed even if file type
# validation is bypassed.
<FilesMatch "\.(php\d?|phtml|phar|php3|php4|php5|php7|shtml|cgi|pl|py|rb|sh)$">
    Order deny,allow
    Deny from all
</FilesMatch>

# Disable .htaccess overrides in subdirectories of this upload folder
Options -Indexes
