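# Upload directory policy: serve known image types only, deny everything else,
# and never execute anything stored here.
#
# Needs AllowOverride Options and AuthConfig for this directory. If either is
# missing, Apache answers every request with a 500 rather than ignoring the file.
Options -Indexes -ExecCGI

# Disable PHP execution in this directory when PHP runs as an Apache module.
# The module source name differs per PHP major version, so each one is tested.
# NOTE(review): this does not affect PHP served through PHP-FPM / proxy_fcgi;
# the access rules below are what protect that setup.
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
<IfModule mod_php8.c>
    # Kept from the original; PHP 8 is believed to register as mod_php.c, so
    # this test may never match. It is harmless either way.
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>

# Default deny. Without this, any extension not named in a rule below
# (.html, .svg, .js, .txt, ...) is still served, because a FilesMatch that
# grants access to images does not restrict other files.
Require all denied

# Only allow known image types. This section is merged after the
# directory-level rule above and replaces it for matching names.
<FilesMatch "(?i)\.(jpg|jpeg|png|gif|webp)$">
    Require all granted
</FilesMatch>

# Deny any name that carries a script extension anywhere, not just at the end.
# mod_mime can pick a handler from an inner extension, so "x.php.jpg" must not
# pass just because it ends in an image extension. This section has to stay
# last: later FilesMatch sections override earlier ones for the same file.
<FilesMatch "(?i)\.(php\d*|phtml|pht|phar|phps|pl|py|cgi|sh|rb|exe|bat)(\.|$)">
    Require all denied
</FilesMatch>

# Optional, only where AllowOverride FileInfo is granted: force static
# handling so no AddHandler/SetHandler mapping from the server config applies.
# <FilesMatch ".+">
#     SetHandler default-handler
# </FilesMatch>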
