I have a newsletter subscription system and I would like to deny access to some files (such as the script that subscribes the user). The problem I ran into is that I need to deny access to the files for anyone coming from outside, but the scripts need to have access to each other.
For example, I have the following files:
It should not be possible to access subscribe.php by typing the corresponding URL. However, index.html needs to be able to send the data that was input into a form to subscribe.php.
Here is what I tried so far:
I left index.html in my root directory and moved subscribe.php to the folder /restricted. I added the file .htaccess to the folder restricted. .htaccess just contains:
deny from all
This gives me a 403 error when I try to access subscribe.php through the URL but it also gives me the same error when I submit the form in index.html
My question: what does my .htaccess file need to look like to archive what I want and why does what I tried not work?