I’ve downloaded Bedrock to give it a try, and I have a couple of (maybe stupid) questions…
As it is now, if I type in my broser http://myblog.local/config, I can see all my config files (and the same happens with other folders), which I don’t think is a good idea…
So, what can I do to prevent that and grant access only to those files/folders that are necessary for the proper operation of the site?
Because, all those directories must be within the web root, right?
Is there anything I can do in the code, or I have to set some server configuration?
A web folder was recently incorporated, which keeps config, scripts and vendor outside of the web root. You will still need to configure your web server correctly for 100% coverage.
This can be done as you would on any VPS; by adding rules into the virtual host/server block configurations and setting the appropriate file permissions. Our ansible playbook will include sensible defaults that do most of the heavy lifting, but it’s not ready yet.