can apache server be able to access php files saved outside docroot
what if the person just guest the directory link and bypass index.php files residing on public_html
eg https://example.com/i have seen it/steal.php
won't it execute.
I think we need to tell apache not to load directory /web outside root as follows
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
<Directory /web>
Order Allow,Deny
Allow from all
</Directory>
my problem is that this only work in httpd.config file.
Ok Within my shared hosting account, i don't have access to httpd.config file. I entered the above code inside .htaccess files but is not working. it seems that directory tag is not allow inside .htaccess files<directory> </directory>
1: How can i achieve this using either php.ini or .htaccess
2: Can directory tag works inside .htaccess files