Apache configuration and security

Hi all, sorry for maybe a dumb question, or if my Google-fu has failed me.

I’ve installed Nextcloud and located the data folder outside of web root. However, should I be worried that extensions/“apps” appear to be in web root? E.g. if an attacker knew the URL, could they download my bookmarks db?

If so, are there recommended Apache configurations that I should look into?


This should not be possible if the Apache settings are correct. Here is an example configuration:
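
An added example, not the configuration from the reply above and not Nextcloud's own file: an Apache 2.4 setup with the weak form shown commented out beside a corrected one, plus an explicit deny for database-style files under the apps directory. The install path `/var/www/nextcloud` and the list of file extensions are assumptions; adjust them to your layout.

```apache
# Assumed install path: /var/www/nextcloud (change to match your server).

# Weak form, shown for comparison only:
# - AllowOverride None makes Apache ignore the .htaccess files that ship
#   with Nextcloud, so their access restrictions never apply.
# - Options Indexes lets a visitor list directory contents.
#<Directory /var/www/nextcloud/>
#    Options Indexes FollowSymLinks
#    AllowOverride None
#    Require all granted
#</Directory>

# Corrected form:
<Directory /var/www/nextcloud/>
    # No directory listings; symlinks still followed.
    Options -Indexes +FollowSymLinks
    # Let the shipped .htaccess files take effect.
    AllowOverride All
    Require all granted
    <IfModule mod_dav.c>
        Dav off
    </IfModule>
</Directory>

# Defence in depth: deny direct requests to config/ and to data/ (in case
# a data directory is ever left inside web root), independent of .htaccess.
<DirectoryMatch "^/var/www/nextcloud/(config|data)(/|$)">
    Require all denied
</DirectoryMatch>

# Deny direct download of database-style files under apps/.
# The extension list is an assumption, not an official Nextcloud list.
<Directory /var/www/nextcloud/apps/>
    <FilesMatch "\.(db|sqlite|sqlite3|sql)$">
        Require all denied
    </FilesMatch>
</Directory>
```

Run `apachectl configtest` before reloading, then request a path under `config/` from a browser or with `curl -I` and confirm the server answers 403 rather than returning the file.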

