Avoid users to access config folder

I’ve downloaded Bedrock to give it a try, and I have a couple of (maybe stupid) questions…

As it is now, if I type in my broser http://myblog.local/config, I can see all my config files (and the same happens with other folders), which I don’t think is a good idea…

So, what can I do to prevent that and grant access only to those files/folders that are necessary for the proper operation of the site?
Because, all those directories must be within the web root, right?
Is there anything I can do in the code, or I have to set some server configuration?

A web folder was recently incorporated, which keeps config, scripts and vendor outside of the web root. You will still need to configure your web server correctly for 100% coverage.

This can be done as you would on any VPS; by adding rules into the virtual host/server block configurations and setting the appropriate file permissions. Our ansible playbook will include sensible defaults that do most of the heavy lifting, but it’s not ready yet.

Wow thank you! It was not in there on Friday when I last checked it :smile:
It makes more sense for me now…