Secure the server: prevent the users from browsing/getting files from the conf directories.

With Apache, it is still a must to enable htaccess with the spec "AllowOverride All". The index.php files are here to prevent from browsing whatever the HTTP server config.

.gitignore

@@ -1,9 +1,14 @@
 
 # no slash at the end to handle also symlinks
 /toolkit
-/conf
 /env-*
 
+# listing prevention in conf directory
+/conf/**
+!/conf/.htaccess
+!/conf/index.php
+!/conf/web.config
+
 # composer reserver directory, from sources, populate/update using "composer install"
 vendor/*
 test/vendor/*