We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
When .htaccess can't protect a file
in Apache HTTP Server
Based on everything I've read and tried you can't do it. You can deny a directory listing, you can completely deny access to the files in a directory based on many things like IP, user etc. and you can allow access too.
... but you cannot both allow a web visitor to access an image or data file through html and php and simultaneously deny them direct access to that same file through a browser. For individual files, .htaccess allows access or it doesn't. Web visitors can do a "view source" to see the image or data file and then just type the URL to it.