# Prevent direct access to uploaded files
Options -Indexes
<Files *.php>
    deny from all
</Files>

# Allow only specific file types
<FilesMatch "\.(pdf|jpg|jpeg|png|gif|doc|docx)$">
    allow from all
</FilesMatch>