All site files are in DocumentRoot, so direct request to any *.php file is allowed. Tested some of them (for example /routes.php) - got 500 Internal server error. I think it would be better to have DocumentRoot dir with only things needed to be publicly accessible and leave all other outside DocumentRoot.
What do you think ?
All site files are in DocumentRoot, so direct request to any *.php file is allowed. Tested some of them (for example /routes.php) - got 500 Internal server error. I think it would be better to have DocumentRoot dir with only things needed to be publicly accessible and leave all other outside DocumentRoot. What do you think ?