# Only allow image types to be served
<FilesMatch "\.(jpg|jpeg|png|gif|webp)$">
    Order allow,deny
    Allow from all
</FilesMatch>

# Deny everything else
<FilesMatch "\.(php|phtml|phar|pl|py|sh|cgi)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Don't execute any PHP that somehow lands here
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php8.c>
    php_flag engine off
</IfModule>

# Allow direct image listing
Options -Indexes