Home Web security, .htaccess and upcoming router
 So I'm trying to build a router, but before I do that I really need to know my .htaccess better. I want to be able to control all paths filled in by my users. If I have some files in www.example.com/config/, I don't want users to find out I have files there. Also, files in folders like these are accessible which is not what I want, but I don't know how to fix that. I only have one folder that should be accessible to users: /public. index.php: var_dump($_GET['url']);  .htaccess:  Options -MultiViews RewriteEngine On # Redirect to HTTPS... RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.+)$ index.php?url=$1 [QSA,L] [L]  Now, my index.php says this: string(9) "403.shtml", when the URL is: www.example.com/config/. While it actually should be /config/, right? Or should I handle this entirely differently? Let me know. Maybe not using $_GET['url'], but \$_SERVER['REQUEST_URI'], again: I don't know if that bad or good practice. Note: I'm not running on nginx, so I can't setup a virtualHost.