I am doing PHP web application, with Apache.
There are a few configuration files ( like App.yml) whose content I don't want to expose to users under whatsoever circumstances. Is there anyway that I can tweak my Apache setting so that these files won't be available when hostile users query for them?
You can create a .htaccess file in that directory and place in it
order deny,allow
deny from all
You can also do this if you only want to block one file.
<Files filenamehere>
order deny,allow
deny from all
</Files>
The best option would be to place the files outside of your document root. If that's not possible, you can deny access to them in apache .conf file (or a .htaccess file) with
<Directory /path/to/dir>
Deny from all
</Directory>