can apache server be able to access php files saved outside docroot
what if the person just guest the directory link and bypass index.php files residing on public_html

eg have seen it/steal.php
won't it execute.

I think we need to tell apache not to load directory /web outside root as follows

<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
<Directory /web>
Order Allow,Deny
Allow from all

my problem is that this only work in httpd.config file.

Ok Within my shared hosting account, i don't have access to httpd.config file. I entered the above code inside .htaccess files but is not working. it seems that directory tag is not allow inside .htaccess files<directory> </directory>

1: How can i achieve this using either php.ini or .htaccess
2: Can directory tag works inside .htaccess files

In .htaccess

Options All -Indexes

will turn directory browsing off

More on htaccess

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.