[e_i_pi]

I have a directory setup on my site essentially like this:

./
./application
  ./Controllers
  ./Models
  ./Views
./assets
./... and so on

The assets section contains material that should always be available for download, for instance images, script libraries, that sort of thing. The application directory should never be accessible, at it is accessed only by PHP includes. I've tried putting this code in my root .htaccess file:

<Directory /application>
deny from all
</Directory>

...but it forces a 500 error across the entire site. Mind you, if I put the following in the .htaccess for the application directory, it works fine:

<Directory Controllers>
	Deny from All
</Directory>
<Directory Models>
	Deny from All
</Directory>
<Directory Views>
	Deny from All
</Directory>

Can anyone explain why the latter works, but the former doesn't? My reasoning is that it is something to do with the former being the root .htaccess, but I'm not an htaccess guru.

[Dormilich]

.htaccess applies to all files and subfolders (and their files and subfolders) in the current directory. if you deny on root-level, practically every file and folder under that is protected.

This post has been edited by Dormilich: 13 August 2012 - 12:09 AM

[e_i_pi]

Right, got it. The <Directory> attribute applies to the current directory, you can't use it to deny s subdirectory. .htaccess is not my friend. I think it conspires with RegEx to drive me insane.