# Block PHP / scripts inside uploads, allow images & docs
<FilesMatch "\.(php|phtml|phar|pl|py|cgi|sh|exe)$">
  Require all denied
</FilesMatch>
Options -ExecCGI
AddType text/plain .php .phtml .phar
