# Secure Uploads Directory
# Prevent direct access and execution of PHP files

# Disable directory browsing
Options -Indexes

# Deny access to PHP files
<FilesMatch "\.(php|phtml|php3|php4|php5|phps|pht)$">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# Allow only specific file types to be accessed
<FilesMatch "\.(jpg|jpeg|png|gif|pdf|csv|xlsx|xls|doc|docx)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

# Additional security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"
</IfModule>
