deny direct access to a folder and file by htaccess
I would just move the includes
folder out of the web-root, but if you want to block direct access to the whole includes
folder, you can put a .htaccess
file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems.
This is pure mod_rewrite
based solution:
RewriteRule ^(includes/|submit\.php) - [F,L,NC]
This will show forbidden error to use if URI contains either /includes/
or /submit.php
It's possible to use a Files directive and disallow access to all files, then use it again to set the files that are accessible:
<Files ~ "^.*"> Deny from all</Files><Files ~ "^index\.php|css|js|.*\.png|.*\.jpg|.*\.gif"> Allow from all</Files>