move logs, temp, include and config out of web tree
|Reported by:||tensor1982||Owned by:|
For security sake please consider moving logs, temp, include and config directories out of the DocumentRoot?.
DocumentRoot? should only have .php and static files which are directly accessible by requesting the corresponding URL.
A common approach is too carelessly delete .htaccess files and forget about any access control if something does not work. With a new approach only public (world known) files will be in document root and there will be no sensistive files directly accessible though a web server.