I'm not very good when it comes to .htaccess rules so I'm seeking your help.
I'm trying to find a set of rules that would enhance the security of my PHP app in the following manners:
- Deny upload of all file types except for images [jpg, png, gif] and docs [pdf, doc, docx]
- Deny access to all [php, php3] files except for index.php, image.php in folder /uploads and all sub folders
PS: My goal is to deny the upload and direct access to malicious uploaders even if they find away to bypass my uploads handler. The reason I'm seeking a solution with .htaccess is because rewriting the code would be very time consuming as the app has been deployed on a number of websites.