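# Basic hardening for Apache (2.4+ `Require` syntax): refuse to serve PHP-like
# files from the uploads directory, so an uploaded script can never be requested
# and handed to the PHP handler.
#
# Why the pattern is wider than a plain "\.php$":
#   (?i)       mod_mime maps extensions case-insensitively, so "FILE.PHP" must
#              be denied exactly like "file.php".
#   php[0-9]*, pht, phps
#              legacy/alternate extensions that some PHP handler setups map
#              (php5, php7, pht, ...).
#   (\.|$)     mod_mime looks at every extension in a file name, so a name with
#              a PHP extension in the middle (name.php.jpg) can still reach the
#              PHP handler when it is registered via AddHandler. Deny it too.
#              Side effect: harmless names such as "notes.php.txt" are also
#              refused, which is acceptable for an uploads directory.
#
# NOTE(review): this only takes effect if AllowOverride permits `Require`
# (AuthConfig) in .htaccess, and anyone able to write a .htaccess into this
# directory can undo it. Prefer the same rule inside a <Directory> block in the
# server/vhost config, with AllowOverride None for the uploads path. Confirm
# against the deployment.
<FilesMatch "(?i)\.(php[0-9]*|phtml|pht|phar|phps)(\.|$)">
  Require all denied
</FilesMatch>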

# Optional: declare the Content-Type for common audio uploads.
# AddType only maps an extension to a MIME type for the response header; it
# does not grant or restrict access to these files. The leading dot on the
# extension is optional in AddType.
AddType audio/mp4  m4a
AddType audio/mpeg mp3
AddType audio/ogg  ogg
AddType audio/wav  wav
