# Allow uploaded proof/KYC files to be served, but never execute PHP here
php_flag engine off
<FilesMatch "\.(php|phtml|php3|php4|php5|phar)$">
    Require all denied
</FilesMatch>
