How to make sure the config files are not accessible over HTTP

I have a problem relating to security testing. My system has been built by Code Igniter framework that places the config files in \application\config and sub folders. How can i make sure the config files are not accessible over HTTP?