Yes it stops the core folder from being accessible via the webLet me add something - only if Apache is used as your web server. How to check - just rename file to .htaccess and recheck again, if message is still there possibly you have other web server.
location /core/ { deny all; }