I'm trying to deny users from accessing the site/includes folder by manipulating the URL.
I don't know if I have to deny everything and manually make individual exceptions to allow, if I can just deny this one folder, or if there's a rewrite function that can be used.
Specific example: I don't want to see the directory files by typing in localhost/site/includes into the URL.
Create site/includes/.htaccess file and add this line:
Deny from all 
.htaccess. so, how can I do that without .htaccess ? thanksDeny from all won't give 404 but 403. You can still access file/folders using PHP/Perl etc but not using a web request. You can open a new question if that didn't answer your query.
<Directory>, you would need to have at least AllowOverride Limit.You can also deny access to a folder using RedirectMatch
Add the following line to htaccess
RedirectMatch 403 ^/folder/?$ This will return a 403 forbidden error for the folder ie : http://example.com/folder/ but it doest block access to files and folders inside that folder, if you want to block everything inside the folder then just change the regex pattern to ^/folder/.*$ .
Another option is mod-rewrite If url-rewrting-module is enabled you can use something like the following in root/.htaccss :
RewriteEngine on RewriteRule ^folder/?$ - [F,L] This will internally map a request for the folder to forbidden error page.
.htaccess files in every directory that I need to deny access for.
In an .htaccess file you need to use
Deny from all Put this in site/includes/.htaccess to make it specific to the includes directory
If you just wish to disallow a listing of directory files you can use
Options -Indexes 
Options -Indexes to the bottom of the page? @OliverMGrechWe will set the directory to be very secure, denying access for all file types. Below is the code you want to insert into the .htaccess file.
Order Allow,Deny Deny from all Since we have now set the security, we now want to allow access to our desired file types. To do that, add the code below to the .htaccess file under the security code you just inserted.
<FilesMatch "\.(jpg|gif|png|php)$"> Order Deny,Allow Allow from all </FilesMatch> your final .htaccess file will look like
Order Allow,Deny Deny from all <FilesMatch "\.(jpg|gif|png|php)$"> Order Deny,Allow Allow from all </FilesMatch> Source from Allow access to specific file types in a protected directory
Just put .htaccess into the folder you want to restrict
## no access to this folder # Apache 2.4 <IfModule mod_authz_core.c> Require all denied </IfModule> # Apache 2.2 <IfModule !mod_authz_core.c> Order Allow,Deny Deny from all </IfModule> Source: MantisBT sources.
You can create a .htaccess file for the folder, wich should have denied access with
Deny from all or you can redirect to a custom 404 page
Redirect /includes/ 404.html On Apache 2.4 you can use an Apache <If> expression in the root .htaccess file to block direct access to this specific subdirectory and everything within it.
For example:
<If "%{REQUEST_URI} =~ m#^/site/includes($|/)#"> Require all denied </If> 
Creating index.php, index.html, index.htm is not secure. Becuse, anyone can get access on your files within specified directory by guessing files name. E.g.: http://yoursite.com/includes/file.dat So, recommended method is creating a .htaccess file to deny all visitors ;). Have fun !!
You can also put this IndexIgnore * at your root .htaccess file to disable file listing of all of your website directories including sub-dir
Options -Indexes.You can do this dynamically that way:
mkdir($dirname); @touch($dirname . "/.htaccess"); $f = fopen($dirname . "/.htaccess", "w"); fwrite($f, "deny from all"); fclose($f); For some reasons which I did not understand, creating folder/.htaccess and adding Deny from All failed to work for me. I don't know why, it seemed simple but didn't work, adding RedirectMatch 403 ^/folder/.*$ to the root htaccess worked instead.
Options -Indexesin .htaccess file located in root folder