It is a hard and fast rule to put LogBox outside of the webroot and hook up a mapping? Obviously deployment to multiple nodes a bit easier if it is all in the webroot but then I guess I will need to some URL rules in place - mitigating the ease of deployment 🙂 Not sure if you guys have seen an exploits targeted at logbox that make this a concern.

Others may disagree, but my rule is nothing under the webroot unless it needs to be EVER