Hi all,
As part of our security work on Moodle installed here, we noticed that the Apache can access Moodle files located in the Moodle folder
For example, We can access from a browser the URL (moodlehost)/userlogin/assets/js/scripts.js and view its content. We can also access all XML files directly from the browser.
Is there a way to restrict such access? I hate to see our environment variable publicly available.
Many thanks