# =========================================================
# Block ALL script execution inside the uploads tree.
# =========================================================

<IfModule mod_php.c>     php_flag engine off </IfModule>
<IfModule mod_php7.c>    php_flag engine off </IfModule>
<IfModule mod_php8.c>    php_flag engine off </IfModule>

RemoveHandler .php .phtml .phar .php3 .php4 .php5 .php7 .php8 .pl .py .jsp .asp .aspx .sh .cgi
RemoveType    .php .phtml .phar .php3 .php4 .php5 .php7 .php8 .pl .py .jsp .asp .aspx .sh .cgi

<FilesMatch "\.(php|phtml|phar|php3|php4|php5|php7|php8|pl|py|jsp|asp|aspx|sh|cgi|exe|html?|htaccess)$">
    Require all denied
</FilesMatch>

Options -Indexes -ExecCGI

<FilesMatch "\.svg$">
    Header set Content-Disposition "attachment"
</FilesMatch>
