Is there a way to secure a Roundcube installation, so that it is not possible to access the sub-folder via a browser? For example, if i install Roundcube in a sub-folder called "roundcube" on my web-server, I'm greeted with the login form if i access this folder. File indexing is disabled, so no one can list the filenames of such folder or a sub-folder like "plugins". but when i know a filename of such sub-folder, i could see that file. For example, if there is a plugin called "enigma" with enigma.js inside this, i could view this file if i enter the whole path in the address-bar of my browser. is there anything i could do, to not allow such direct accessing of a file?
I know, this is a problem i have to address with my server software (apache, nginx) but maybe someone has some tips or maybe concern in that way, that Roundcube doesn't work after such a manipulation?