Hello,
my whole sensitive config like db connection params is in confi.ini file. Maybe someone has already written .htaccess to prevent ini files from reading?
Thank you
Ideally you would not have the configuration files in the public web directory, it should be outside it. Your entire application (typically 'app' dir) should be outside the public directory. The bootstrap index.php file, and all static resources like CSS, JS, images, etc should be the only files in the public directory.
I can't do that because of server configuration. Ftp server is chrooted me at public_html.
In that case you might be best using a .php file for the configuration, rather than a .ini
But if absolutely neccessarry, you can block access to the configuration directory by adding
deny from all
to your .htaccess If that doesn't work, just do
order deny,allow
deny from all