Security warning

**It is extremely important that the config.neon and the entire directory app, log & etc is not accessible from a web browser. If these directories will not be protect against direct access from the Internet, anyone will be able to see your passwords and other sensitive information.

How to determine whether file is protected? Simply try to open it in the browser. If your site is located at and config.neon is placed in the directory app/config, try to open the URL The browser should show page not found error. If it shows the contents of the configuration file, there is a serious security hole and you need to fix it.

To protect critical files from being accessed from the web is your responsibility. How to do it?

.htaccess file

The text file .htaccess is used to modify some configuration options of web server. For example, restricting access to certain files or directories. It works on Apache servers.

Make sure that there is a file .htaccess in directories app, log & etc with the following content:

Order Allow,Deny
Deny from all

Host administration

Some hosts provide the ability to restrict access to the directories in its web interface. Disable access to the whole directories app, log & etc.

Directory Structure

If your web application uses a directory structure, where directories app, log & etc are not available from a web browser, there is no need to set anything else.

Improve this page