On an old site, where I was using PHP, I had a .htaccess in directory /noaccess as follows:
# /noaccess/.htaccess
If you only wanted to not allow people to see your files if they enter it in an address bar, then you could put them in a directory with no indexes (-Indexes) and an unpublished name, and if you never reveal the names of the files (which SSI does not do), then you only need worry if someone guesses one correctly. You can always block access by disallowing according to referrer, or something similar.
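
The two measures mentioned above (no directory index, plus disallowing by referrer), written out as an added example; this is not the poster's own .htaccess. It assumes Apache 2.4 with mod_setenvif and mod_authz_core, and an AllowOverride setting that permits these directives; the directory name, host name and variable name are placeholders.

```apache
# /private-7f3a/.htaccess  (constructed, unpublished directory name)
# Assumes: AllowOverride Options FileInfo AuthConfig for this directory.

# Turn off automatic directory listings so file names are not disclosed
# to someone who requests the directory itself.
Options -Indexes

# Flag requests whose Referer header points at this site.
# example.com is a placeholder host; from_own_site is a made-up variable name.
SetEnvIfNoCase Referer "^https?://(www\.)?example\.com/" from_own_site

# Serve files only to flagged requests; everything else receives 403.
# The Referer header is supplied by the client, so this stops casual
# address-bar requests and hotlinking. It is not authentication.
Require env from_own_site
```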