TL:DR Will permission 444 on a folder restrict access for a web user and browser?
I have a webserver with a root catalog that is accessible from the web. I can't access any folders higher up in the hiearchy, I only have control of the root folder and down.
Lets say I have the following folder structure:
I want the includes folder to follow these rules:
Can I solve this by setting "includes" and all subfolders/files with permission 444? If so, is there a known way to bypass this access-rule or is it safe to use?
If you want to keep assets safe from web access you need to move them outside of your web root. Typically one level below your web root is used. This way they are still accessible via FTP and your code but not to web requests.