Deny script from client, but use locally

I have a .ht开发者_JS百科access file - looks something like this:

RewriteEngine On

<FilesMatch ^.*\.php.*$>
 Order allow,deny
 Deny from all
 Satisfy All
</FilesMatch>

RewriteRule ^help$ scripts/help.php [L]
#more rewrites here...

What I'd like to be able to do is allow a URL such as http://example.com/help to be rewritten (as per the rule there) and handled by the help.php script in the scripts directory, but at the same time, deny people from directly running the script by using http://example.com/scripts/help.php. The problem is, when I use these statements, both URLs return a 403 Forbidden. I'm not even sure if what I'm trying to do is possible...

Unfortunately, I cannot place files outside/above of the root web directory (which is why I'm asking this), nor do I have access to the httpd.conf file.

If /help is requested, it gets rewritten to /scripts/help.php internally that then fulfills the pattern of <FilesMatch>. That’s why the access to /help is also forbidden.

But you can use mod_rewrite to only forbid the access to /scripts/help.php if it was requested directly by checking the request line:

RewriteCond %{THE_REQUEST} ^[A-Z]+\ /[^?\ ]*\.php[/? \]
RewriteRule .*\.php.*$ - [F]

Here ^[A-Z]+\ /[^?\ ]*\.php[/? \] tests whether there is a .php in the requested URI path (it might only be preceded by any character except ? and a space) and is either followed by a / (path segment separator), a ? (indicator for the URI query) or a space (end of the URI).