# ====================================================================
# Security: this folder holds user-uploaded images (products, banners,
# logos, deposit proof screenshots). Nothing here should ever execute
# as a script, even if someone manages to upload a file with a .php
# (or similar) extension.
# ====================================================================

<IfModule mod_php7.c>
  php_flag engine off
</IfModule>
<IfModule mod_php.c>
  php_flag engine off
</IfModule>

<FilesMatch "\.(php|php\d|phtml|phar|pl|py|cgi|asp|aspx|sh|exe)$">
  Require all denied
</FilesMatch>

# Extra safety net for Apache 2.2-style configs
<IfModule !mod_authz_core.c>
  <FilesMatch "\.(php|php\d|phtml|phar|pl|py|cgi|asp|aspx|sh|exe)$">
    Order allow,deny
    Deny from all
  </FilesMatch>
</IfModule>
