# Drop this file as ".htaccess" inside any newly created upload subfolder
# (e.g. public_html/assets/images/signatures/.htaccess) if you want to be
# explicit about public read access. In most cPanel setups this is already
# the default for public_html, so it's only needed if your server overrides it.

Options -Indexes
<IfModule mod_authz_core.c>
    Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Allow from all
</IfModule>

# Block execution of any uploaded scripts (security)
<FilesMatch "\.(php|phtml|phar|pl|py|cgi|sh)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
