I have some includes files and I don't want to expose them via HTTP. They are only used for being included into other PHP files.
Should I configure .htaccess file and add some lines to specify that?
Thanks in advance...
You could use .htaccess rules or put them outside of your web directory!
EDIT:
It seems you are looking for an easy answer. You could have googled it, but here is one, try it:
<Files filename.php>
order allow,deny
deny from all
</Files>
If your included file is PHP, define a constant in your index/main code, check it in the include files
Index.php
<?php
define('INDEX_LOADED',TRUE);
include('include.php');
?>
Include.php
<?php
if(!defined('INDEX_LOADED'))
die('not to be accessed directly');
// rest of code here
?>
You should never put files, that you don't want to get accessed from outside, into a directory, that is accessible from outside, or in short: Move the files outside the document root.
Lets say
/path/to/htdocs/index.php
/path/to/privateFiles/include.php
In index.php you can use
require dirname(__FILE__) . '/../privateFiles/include.php';
When you want to make it a little bit more portable, you can separate both directories from each other. Usually files from privateFiles/ don't need to know about the files in htdocs. In index.php you can do something like
define('INCLUDES_PATH', '/path/to/privateFiles');
and then anywhere within your application
require INCLUDES_PATH . '/include.php';
When you want to move the private files around, you just need to change the constant in index.php.