How can I write a .htaccess script that prevents the user from running .php files in a certain directory and it's child directories?
I would need to be able to include the php file from the servers index.php or other files though, basically I want to enable to the server to to include the php files from a certain directory but, if the user were to type in the specific URL, it would deny access.
This could do the trick
<FilesMatch "\.php$">
Deny from all
<FilesMatch>
Also, see the answers to this question: Deny direct access to all .php files except index.php
I usually do something like this:
If I want a user to access a file, say members.php or index.php
<?php
$GLOBAL_PAGE="page name"; //set the 'visible' flag
include_once 'headers.php'
...
?>
In headers.php:
<?php
if(!page_is_authorized($GLOBAL_PAGE))
//redirect to a valid page
header( 'Location: index.php' );
....
?>
where page_is_authorized($s) checks $s against a list of valid values.
I know this doesn't use .htaccess rules as you requested but I usually don't have access to that file so there goes. It's portable too!