Deny from all is a quick and easy way to block all access to a folder using Apache’s .htaccess. However, consider the following scenario: you have a site root within another site root and you want to block access from the parent site but not the folder itself.
In this scenario, you likely don’t want people accessing
www.site1.com/site2/. This probably wouldn’t even render correctly and would lead to search engine indexing issues.
Deny from all wouldn’t work because it would make site2.com inaccessible. Instead this solves the problem (if added to the root site’s .htaccess file):
RewriteRule ^site2 - [F]
- [F] at the end tells Apache to not rewrite the URL and to send a 403 Forbidden status code.