From:
The includes folder
For security reasons, all files in a folder
includesare blocked. This includes URLs like http://example.com/includes/function.php or http://example.com/includes/pages/product.php.The idea behind this is that
includesmeans that the folder contains scripts meant to be loaded into other scripts with PHP include (or require). Scripts like that are generally not meant to be accessed directly.The fix for this is simple: do not use the folder name
includesfor anything that’s supposed to be accessed by browser. Instead, put such pages in a folderpages,functions,actionsor a folder with any other name.