On a web server, I have a folder inside the root folder (public_html) that should be protected. It contains system files, settings, logs, classes and so on ...
Generally, what is the best option to protect access to the folder, any file contained in it and all its subdirectories?
Examples.
Change file httpd.conf or apache2.conf .
To block access to files with .conf extension and .log extension.
<Files ~ "(.conf|.log)">
Order allow,deny
Deny from all
</Files>
To block a directory that is located in DocumentRoot (I do not know if this is what you intend to do):
<Directory "/var/www/Projeto/configuracoes">
deny from all
</Directory>
References and other useful links:
Put the system files in a directory with no public access
Example
DocumentRoot is set to /var/www/site/public_html/
So just put the system files in any other directory that is not public. Example /var/www/site/app/
So within that directory would look something like this
/var/www/site/app/core/
/var/www/site/app/libs/
/var/www/site/app/vendor/
In the /var/www/site/public_html/ directory, obviously you have index.php.
In the index.php file simply include the system files by doing the directory indentation.
Example: include __DIR__.'/../app/Core/Core.php'; .
Log files can be moved to another location
Instead of /var/www/site/app/logs , I suggest /var/www/site/logs/ .
One reason is that when you need to back up the app folder, you do not have to worry about skipping log files or other unnecessary log files.