Make sure, that ONLY the files in the folder /public/ are accessable from outside (Webserver access).

To make sure no file can be read via a Browser there are several ways... One of them (and supported by the BIGACE Installer) is to use .htaccess files.

Add the following code to the .htaccess files:

deny from all

	Tip
	The required .htaccess files come with BIGACE and can automatically be placed at the correct locations when installing, choosing the option "Usage of Rewrite engine allowed".

The other way could be to change the File/Directory access rights to make sure they cannot be accessed from outside. But this depends on your hosting environment, so simply test it.

Please refer to your Webserver Documentation and see also the section called “URL Rewriting”.