How can I prevent users from accessing include files?

I am using apache server. Is there a way to prevent users from accessing my include files directly ? But only allow the server the access to those开发者_如何学JAVA ?

Another way is to have the include files outside of the directory the site is served from. For example:

/
    includes/somefile.php
    http/index.php

So the Web site is served from http/, but includes are outside of that directory, meaning no one can access them directly from a Web browser, but your scripts can include them like this:

<?php
require_once '../includes/somefile.php';
[...]

Put them in a directory outside of the web root.

i.e. if index.php is in /var/www/domain.com/www, put the includes in /var/www/domain.com/includes or something.

Do not put the include files under the document root (i.e. outside the file tree that apache delivers to the user).