On a particular PHP web project that I am working on, I have a configuration file in the document root that I don’t want people to be able to access. It seems pretty simple, but it took me a while to figure out how to do this. The solution that works for me requires an Apache web server with the .htaccess file enabled.
To deny access to a single file, add this to the .htaccess file in your document root.
Deny from all