I'd like to know how i can go about denying direct web access to configuration files of application whilst allowing php to access them.
I know most answers would suggest to put the includes outside the public_html directory. But I really don't think it's that efficient.
Thanks.
PHP just uses the file system to access files where web users usually go through apache and that verifies a .htaccess file. So just place that file that contains deny from all into that directory and voilla.