# Uploads Directory - Maximum Security
# Prevent PHP execution and malicious file uploads

# Disable PHP execution completely
<FilesMatch "\.php$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

<IfModule mod_php7.c>
    php_flag engine off
</IfModule>

# Block dangerous file types
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|aspx|shtml|sh|cgi|exe|bat|com)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Only allow safe file types
<FilesMatch "\.(jpg|jpeg|png|gif|pdf|doc|docx|xls|xlsx|zip|rar)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

# Force download instead of execute
<IfModule mod_headers.c>
    Header set Content-Disposition "attachment"
    Header set X-Content-Type-Options "nosniff"
</IfModule>

# Disable directory listing
Options -Indexes -ExecCGI

# Disable script execution
AddHandler cgi-script .php .pl .py .jsp .asp .aspx .shtml .sh .cgi
Options -ExecCGI

# Security headers
<IfModule mod_headers.c>
    Header set X-Robots-Tag "noindex, nofollow"
    Header set X-Frame-Options "DENY"
</IfModule>

# Block .htaccess access
<Files ".htaccess">
    Order Allow,Deny
    Deny from all
</Files>

# Block hidden files
<FilesMatch "^\.">
    Order Allow,Deny
    Deny from all
</FilesMatch>
