PHP/Apache Deny folder access to user but not to script

Question

So I have this php web app, and one of my folder contains some files that can be downloaded.

I have a download script that modifies the headers, in order to always o

Answer 1

Move the folder out of the webserver's root directory so that apache will not server files from that directory at all. You can still include files from the folder if it is readable by the apache/http user, but your site users won't be able to access it from any url.