SamuelTallet / MongoDB-PHP-GUI

Open-source graphical interface for MongoDB database. Written in PHP, JavaScript, HTML & CSS.

Deny access to private files to improve security #28

Open Z9n2JktHlZDmlhSvqc9X2MmL3BwQG7tk opened 2 years ago

Z9n2JktHlZDmlhSvqc9X2MmL3BwQG7tk commented 2 years ago

All site files are in DocumentRoot, so a direct request to any *.php file is allowed. I tested some of them (for example /routes.php) and got a 500 Internal Server Error. I think it would be better to have a DocumentRoot dir with only the things that need to be publicly accessible and leave everything else outside DocumentRoot. What do you think?

SamuelTallet commented 2 years ago

I agree with you. While waiting for a real solution, I should add a `Deny from all` in a .htaccess file inside the source/PHP/MPG folder.
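
Added example, not part of the original thread or the project's code: a `.htaccess` for the folder named in the comment above that denies direct requests on both Apache 2.2 and 2.4. `Deny from all` is the 2.2 syntax and on 2.4 works only when `mod_access_compat` is loaded, so the file below (an assumption about how the interim fix could be written) selects the directive by available module.

```apache
# source/PHP/MPG/.htaccess  (folder path taken from the comment above)
# Blocks every direct HTTP request to files in this folder and below.
# PHP include/require from the application's entry script is unaffected,
# because those reads go through the filesystem, not through Apache.

<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require all denied
</IfModule>

<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Deny from all
</IfModule>
```

The file takes effect only if the enclosing `<Directory>` block allows it through `AllowOverride` (`AuthConfig` for `Require`, `Limit` for `Order`/`Deny`); with `AllowOverride None` it is silently ignored. Once active, a request for any file under that folder should return 403 Forbidden.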