drupal-composer / drupal-paranoia

Composer Plugin for improving the security of composer-based Drupal projects by moving all PHP files out of docroot

Add new config 'excludes' to be able to exclude paths #13

Closed jkribeiro closed 5 years ago

jkribeiro commented 5 years ago

It would be worth having a new config, `excludes`, to list files that should not be symlinked or stubbed in the web folder. Currently you have control over the asset file types list (you can include or alter the list), but you can't exclude a file or folder.

```json
"extra": {
    "drupal-paranoia": {
        "app-dir": "app",
        "web-dir": "web",
        "excludes": [
            "core/install.php",
            "sites/simpletest"
        ]
    },
    "..."
}
```

In this example, install.php and sites/simpletest will not be symlinked to the web folder, which means they will not be available over the internet.

As mentioned in the README:

> Consider excluding `/install.php` from your site. There are security concerns when this URL is publicly available: it can be used to create a list of contributed modules existing on the site.
> You can exclude it via the plugin as described above or via `.htaccess` rules.
> - [DO#2840973: Install system should not produce PHP errors](https://www.drupal.org/node/2840973)
> - https://www.drupalxray.com
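As an added illustration of the `excludes` semantics proposed in this issue (this is example code written for this page, not drupal-paranoia's own implementation): the `extra.drupal-paranoia.excludes` shape is taken from the comment above, while the function names (`normalizePath`, `isExcluded`, `filterExcluded`), the matching rule (an entry matches the file itself or, when it names a directory, everything below it) and the sample file list are assumptions made here. It needs PHP 7.4 or later.

```php
<?php
// Added example for the "excludes" config proposed in drupal-paranoia issue #13.
// Not the plugin's own code: only the config shape comes from the issue; the
// helper names, matching rule and sample file list are assumptions.

declare(strict_types=1);

/**
 * Normalise a path the way it would be written relative to app-dir/web-dir:
 * forward slashes only, no "./" prefix, no leading or trailing slash.
 */
function normalizePath(string $path): string
{
    $path = str_replace('\\', '/', $path);
    $path = preg_replace('#/+#', '/', $path);
    $path = preg_replace('#^(\./)+#', '', $path);
    return trim($path, '/');
}

/**
 * True if $relative (a file under app-dir) is covered by one of the excludes.
 * An exclude matches the file itself or, when it names a directory, everything
 * below it: "sites/simpletest" covers "sites/simpletest/README.txt" but must
 * not cover "sites/simpletest2/keep.txt", hence the explicit "/" boundary.
 */
function isExcluded(string $relative, array $excludes): bool
{
    $relative = normalizePath($relative);
    foreach ($excludes as $exclude) {
        $exclude = normalizePath((string) $exclude);
        if ($exclude === '') {
            continue; // an empty entry would otherwise exclude everything
        }
        if ($relative === $exclude || strpos($relative, $exclude . '/') === 0) {
            return true;
        }
    }
    return false;
}

/**
 * Keep only the files that may still be symlinked or stubbed into web-dir.
 */
function filterExcluded(array $files, array $excludes): array
{
    return array_values(array_filter(
        $files,
        fn (string $file): bool => !isExcluded($file, $excludes)
    ));
}

// Constructed sample: the "extra" block from the issue as it would be decoded
// from composer.json. The "..." placeholder from the issue is omitted because
// it is not valid JSON.
$composerExtra = json_decode('{
    "drupal-paranoia": {
        "app-dir": "app",
        "web-dir": "web",
        "excludes": ["core/install.php", "sites/simpletest"]
    }
}', true, 512, JSON_THROW_ON_ERROR);

$excludes = $composerExtra['drupal-paranoia']['excludes'] ?? [];

// Constructed file list standing in for a scan of app-dir.
$files = [
    'index.php',
    'core/install.php',
    'core/misc/drupal.js',
    'sites/simpletest/README.txt',
    'sites/simpletest2/keep.txt',
    'sites/default/files/logo.png',
];

foreach (filterExcluded($files, $excludes) as $file) {
    echo $file, PHP_EOL;
}
```

Running it lists every sample path except `core/install.php` and `sites/simpletest/README.txt`, which is the behaviour the issue asks for: an excluded path never gets a symlink or stub in web-dir, so it cannot be reached over HTTP regardless of web server configuration. The `.htaccess` route the README mentions achieves a similar end for `/install.php` on Apache 2.4 with a `<Files "install.php">` block containing `Require all denied`, but that only works while the file is served by Apache with `.htaccess` processing enabled, whereas not placing the file in the docroot at all holds for any web server.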