Allowing only localhost to access a folder where all inclusive php files exist

We all have php files like 'connect_db.php' for include purposes only.

Suppose I have all those inclusive .php files in "www/html/INC"

And I have index.php

I want index.php accessible from browser to everyone, but I wan开发者_开发百科t to prevent users' direct access to "www/html/INC" folder. (e.g. when type in the browser 'www.domain.com/INC/' -> 404 error etc)

How do I achieve this?

Preferrably using .htaccess file in the root directory please.

Something like

<Directory /INC>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

should work.

How do I achieve this?

Don't. As per my previous answer, it's much more secure to put connect_db.php in /www/, not in /www/html/INC/. If you are going to do so, then you'd use /www/html/.htaccess:

<Directory "/www/html/INC">
   order allow,deny
   deny from all
</Directory>

Google searches have brought me here so I figured I'd post what I found in the apache docs today. I'm not positive what versions of apache it is available in, but do a search for your version to verify.

Now you can just use Require local. I'd recommend putting an .htaccess in the folder that you want to restrict access to with just that line. However, if you must do it in the root directory then here's what it would be:

<Directory "www/html/INC">
    Require local
</Directory>

As of Apache 2.4, Require is the way to go.

E.g. the following denies access to the /www/html/INC directory by anyone except localhost:

<Directory "/www/html/INC">
    Require all granted
    Require ip 127.0.0.1
</Directory>

Move connect_db.php to the more high level in directories tree, than public directory.
And all scripts, which should not be executable - too.

/home/user/project/incs/ -- here your inclusive scripts
/home/user/project/www/html -- here your index.php and other executable scripts.