Very often you may develop or host online project with a private information sitting on your filesystem available only for authorized access only. Simple way to disable direct file download for know URLs is to use .htaccess file. Within your DocumentRoot create a directory to contain your data:
# mkdir data # cd data
Move your data across to this new directory and create a .htaccess file with the following content:
<FilesMatch ".*"> Order Allow,Deny Deny from All </FilesMatch>
The above .htaccess directives will disable any direct file download for any file name and type. In order for this to work make sure to enable
AllowOverride Allfor your site.