# Deny unwanted file extensions to prevent compromised files to be executed
# Use a negative lookahead assertion to deny everything that is NOT listed
<FilesMatch "^(?!.*\.(jpe?g|png|gif|webp|mp3|mp4|flv|webm|swf)$).*$">
    <IfModule mod_authz_core.c>
        # Apache >= 2.4
        Require all denied
    </IfModule>

    <IfModule !mod_authz_core.c>
        # Apache <= 2.2
        Deny from all
    </IfModule>
</FilesMatch>
