I noticed that //myzabbix/icons/ (i.e, /usr/share/httpd/icons) can be browsed with the provided settings from Zabbix. The other Zabbix directories are secured in the zabbix.conf file located in /etc/httpd/conf.d.

Example here:

</Directory>

<Directory "/usr/share/zabbix/conf">
Require all denied
</Directory>

<Directory "/usr/share/zabbix/app">
Require all denied
</Directory>

<Directory "/usr/share/zabbix/include">
Require all denied
</Directory>

<Directory "/usr/share/zabbix/local">
Require all denied
</Directory>

I wanted to report this in case this was not intentional.