Deny access to .php files apart from the server itself

Question

How can I write a .htaccess script that prevents the user from running .php files in a certain directory and it's child directories?

I would need to be able to include the php file from the servers index.php or other files though, basically I want to enable to the server to to include the php files from a certain directory but, if the user were to type in the specific URL, it would deny access.

Answer 1

This could do the trick

<FilesMatch "\.php$">
   Deny from all
<FilesMatch>

Also, see the answers to this question: Deny direct access to all .php files except index.php

Answer 2

I usually do something like this:

If I want a user to access a file, say members.php or index.php

<?php
    $GLOBAL_PAGE="page name"; //set the 'visible' flag
    include_once 'headers.php'
...
?>

In headers.php:

<?php
     if(!page_is_authorized($GLOBAL_PAGE))
         //redirect to a valid page
         header( 'Location: index.php' );
     ....
?>

where page_is_authorized($s) checks $s against a list of valid values.

I know this doesn't use .htaccess rules as you requested but I usually don't have access to that file so there goes. It's portable too!