Which method is more secure/suitable for blocking

Posted 2019-09-06 21:58

Question:

I'm trying to use .htaccess to block external access to my website's /includes/ directory which only includes processing PHP files. Both methods below 'work' but I prefer the latter because it doesn't leave the user with an error page. Can anybody let me know if it is less secure?

Is it better to use this:

<Directory "/includes">
  Deny from all
</Directory>

Or this:

RedirectMatch 301 ^/includes/.*$ http://www.mymainurl.com

Or is something else more appropriate?

The website content is dynamically served by an index.php, so files within the /includes/ folder need to remain accessible via PHP's include function.

Answer 1:

Alternatively, you can return a 404 to make people think the includes directory doesn't even exist:

RewriteEngine On
RewriteRule ^includes/ - [L,R=404]
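
An added example, not part of the original question or answer: the three ways of keeping /includes/ from being requested over HTTP, written out for the context each directive is valid in. The filesystem path /var/www/example/includes is an assumed placeholder; PHP's include reads files from disk rather than over HTTP, so none of these rules affect index.php.

```apache
# --- Option 1: server or virtual-host configuration (not .htaccess) ---
# <Directory> takes a filesystem path, not a URL path, and is only
# valid in server/vhost context.
# /var/www/example/includes is an assumed placeholder path.
<Directory "/var/www/example/includes">
    Require all denied
</Directory>

# --- Option 2: a file named .htaccess placed inside includes/ ---
# Answers every request under the directory with 403 Forbidden.
# Require needs "AllowOverride AuthConfig"; Order/Deny need "AllowOverride Limit".
<IfModule mod_authz_core.c>
    # Apache 2.4 syntax
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 syntax
    Order deny,allow
    Deny from all
</IfModule>

# --- Option 3: .htaccess in the document root, 404 instead of 403 ---
# mod_alias equivalent of the RewriteRule in the answer; with a status
# outside 300-399 the target URL argument is omitted.
# Needs "AllowOverride FileInfo".
RedirectMatch 404 ^/includes(/|$)
```

All three stop the PHP files from being executed by a direct request; they differ only in the status code the client sees (403, 404, or the 301 from the question's RedirectMatch).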