Security issue?

[ghostwolf59]

Hi,
Is there a way to prevent access to the index.php from within the browser?
Noticed today that if I simply put the ip address for where zm runs I in effect get access to .../www/zoneminder/index.php

I.e <ip address>/zm/index.php displays zm web interface
but if I simply put in <ip address>/ as the url I am offered to open or download the .../www/zoneminder/index.php

Made an attempt to modd .../etc/nginx/nginx.conf by adding autoindex off; but that didnt do anything.