- Rule 1: PHP scripts will only be executed from the root dir (in the case of user scripts) and the ACP sub-directory in the case of ACP commands
- Rule 2: These directories should contain no php modules that are not intended to be executed as a script.
- Rule 3: Any directories that contain files that are only intended to be accessed programmatically and not by external URI should be prefixed with an "_" character
Why do this? Simply because the .htaccess rule (or the equivalent <DirectoryMatch regex> in the corresponding <VirtualHost> on large boards)
RewriteRule /(\.|_) - [forbidden]