exponentcms/exponent-cms/master/files/uploads/.htaccess
# secure directory by disabling script execution
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .html .shtml .sh .cgi
Options -ExecCGI
#<Files *>
# order deny,allow
# deny from all
#</Files>
#<Files ^(*.jpeg|*.jpg|*.JPEG|*.JPG|*.png|*.gif)$>
#<FilesMatch ".(jpeg|jpg|JPEG|JPG|png|gif)$">
# order deny,allow
# allow from all
#</FilesMatch>
#</Files>
#<FilesMatch ".(?i:pdf)$">
# order deny,allow
# allow from all
# ForceType application/octet-stream
# Header set Content-Disposition attachment
#</FilesMatch>
<FilesMatch ".(zip|gz|bz2)$">
order deny,allow
allow from all
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
<FilesMatch ".(php|phps|pl|py|jsp|asp|htm|html|shtml|sh|cgi|txt)$">
ForceType text/plain
</FilesMatch>
On Github License
Files