tag/deploy-2026.04.29-49/uploads/.htaccess

# Deny direct access to uploaded files
# All downloads must go through download_attachment.php

<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>

# Disable script execution
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Prevent directory listing
Options -Indexes

# Block common executable extensions
<FilesMatch "\.(php|phtml|php3|php4|php5|php7|phps|phar|cgi|pl|py|sh|bash|exe|com|bat|cmd|vbs|js|html|htm|asp|aspx|jsp)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00			`# Deny direct access to uploaded files`
			`# All downloads must go through download_attachment.php`

			`<IfModule mod_authz_core.c>`
			`Require all denied`
			`</IfModule>`

			`<IfModule !mod_authz_core.c>`
			`Order deny,allow`
			`Deny from all`
			`</IfModule>`

			`# Disable script execution`
			`<IfModule mod_php.c>`
			`php_flag engine off`
			`</IfModule>`

			`# Prevent directory listing`
			`Options -Indexes`

			`# Block common executable extensions`
			`<FilesMatch "\.(php\|phtml\|php3\|php4\|php5\|php7\|phps\|phar\|cgi\|pl\|py\|sh\|bash\|exe\|com\|bat\|cmd\|vbs\|js\|html\|htm\|asp\|aspx\|jsp)$">`
			`<IfModule mod_authz_core.c>`
			`Require all denied`
			`</IfModule>`
			`<IfModule !mod_authz_core.c>`
			`Order deny,allow`
			`Deny from all`
			`</IfModule>`
			`</FilesMatch>`