How to avoid running php files using htaccess?

[eluser]borisoff[/eluser]
To do this I write in every php file(controllers, views, etc.)

Code:

if (!defined('BASEPATH')) exit('No direct script access allowed');

But sometimes I forget to write it. Is there a way to protect php files from executing using only htaccess file? I know that I can move my files in a different, not visible directory but this is not possible right now.

[eluser]SpooF[/eluser]
Well you can use .htaccess to restrict all access to the directory. Since php script ignore .htaccess they can be included to a script with no problem. Its not till you request them via apache .htaccess will take effect.

[eluser]borisoff[/eluser]
Could you write example code?

[eluser]Daniel Moore[/eluser]
If you are referring to having your site set up like:

Code:

|-webroot
  |-index.php
  |-.htaccess
  |-system
  |-application

then you can just set up a new .htaccess file for the system and application directories. This .htaccess needs only one line:

Code:

deny from all

If your site is set up as follows:

Code:

|-system
|-application
|-webroot
  |-index.php
  |-.htaccess

it would not then be necessary to include the additional .htaccess, because your PHP files in your system and application directory would not be directly accessible in this manner.

Either way would be fine.

[eluser]borisoff[/eluser]
Thank you