./ ./application ./Controllers ./Models ./Views ./assets ./... and so on
The assets section contains material that should always be available for download, for instance images, script libraries, that sort of thing. The application directory should never be accessible, at it is accessed only by PHP includes. I've tried putting this code in my root .htaccess file:
<Directory /application> deny from all </Directory>
...but it forces a 500 error across the entire site. Mind you, if I put the following in the .htaccess for the application directory, it works fine:
<Directory Controllers> Deny from All </Directory> <Directory Models> Deny from All </Directory> <Directory Views> Deny from All </Directory>
Can anyone explain why the latter works, but the former doesn't? My reasoning is that it is something to do with the former being the root .htaccess, but I'm not an htaccess guru.