PHP/Apache Deny folder access to user but not to script
Move the folder out of the webserver's root directory so that apache will not server files from that directory at all. You can still include files from the folder if it is readable by the apache/http user, but your site users won't be able to access it from any url.
You can make a .htaccess file and enter Options -Indexes this will disable listing of the files in the directory.
If you also need the traffic to originate from your site you will need to make a file say... index.php with code that checks $_SERVER['HTTP_REFERER'] to see if the traffic originates from your site.
EDIT
Oh I forgot you can actually fix it all in the .htaccess:
Options -IndexesRewriteEngine OnRewriteCond %{HTTP_REFERER} !^http://your-host.com/.*$ [NC]RewriteRule ^.* /403-page [L,R]This will do all the work of the script I suggested, so you won't need it anymore.
Yes, this is correct. .access files block access to the users, but has no influence on local serverscripts.