I need clarification on cache/, files/ and store/ folder permissions. I have two phpBB 3.1.11 versions, one with .htaccess files in the aforementioned 3 folders and one version (assuming later) without. I want to make sure I have them setup correctly now that I'm on Apache 2.4.25. The version with .htaccess files I believe has been updated from older versions. I noticed newer downloads don't have .htaccess files in those folders and the main/root .htaccess has "if Apache 2.4" statements. What would be the correct or best way to Deny access to these 3 folders with phpBB 3.1.11 on Linux with Apache 2.4.25?
6.ii. Webserver configuration
Depending on your web server, you may have to configure your server to deny web access to the cache/, files/, store/ and other directories. This is to prevent users from accessing sensitive files.
For Apache there are .htaccess files already in place to do this for you. Similarly, for Windows based servers using IIS there are web.config files already in place to do this for you. For other webservers, you will have to adjust the configuration yourself. Sample files for nginx and lighttpd to help you get started may be found in docs/ directory.