# Block direct execution of uploaded files
Options -Indexes -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .sh

<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|sh|cgi|asp|aspx)$">
  Order deny,allow
  Deny from all
</FilesMatch>

# Allow only download of whitelisted types
<FilesMatch "\.(pdf|doc|docx|xls|xlsx|ppt|pptx|png|jpg|jpeg|gif|txt|csv|zip)$">
  Order allow,deny
  Allow from all
</FilesMatch>
