# Block PHP execution in uploads directory
php_flag engine off

# Only allow image files
<FilesMatch "\.(php|php5|phtml|shtml|cgi|pl|py)$">
    Require all denied
</FilesMatch>

# Allow image serving
<FilesMatch "\.(jpg|jpeg|png|gif|webp|heic)$">
    Require all granted
</FilesMatch>
