Hi, we're running an install of C5 5.7.5.8 behind a load balancer and recently got an alert that someone tried to access /concrete/config/database.php via a browser URL. It didn't load, but did cause an issue with the load balancer. The security team are now asking if its possible to restrict access to that file, and other config files via htaccess or similar.

So, the question is, C5 needs to access that file to load the database, but is there a security concern if a user can get access to it? If so, can it be locked down without affecting the site itself?

Cheers for the help in advance!