- some usage is in the public folder that the uploaded file is stored.
RewriteEngine on
#if the file does not have one of theses extensions
RewriteCond %{REQUEST_URI} !\.(png|jpg|jpeg|gif|PNG|JPG|JPEG|GIF|Png|Jpg|Jpeg|Gif|pdf|PDF|Pdf)$
#then it should be marked as forbidden.
RewriteRule .*$ - [F]
Ref: