Folks, I have a website developed with MVC, and I have the following folders: app, public, src and config. Except public, of course, I don't at all want the folders 'app', 'src' and 'config' including their contents and subfolders to be accessed. Recently, I've done something like that, for instance:
location ^~ /app {
deny all;
}
Now I wonder if that by itself is enough to protect such folders, once they store stuff like controllers, views, models, includes, configuration scripts, and all my business rules and whatnot. If not, what would you recommend. Note: that project server language is PHP.