deny direct access to a folder and file by htaccess

Here is the scenario:

• There is a index.php file in root folder
• some files are included in index.php which are in the includes folder.
• 1 other file (submit.php) is in the root folder for form submit action.

I want to restrict direct user access to the files in includes folder by htaccess. also for submit.php. But include will work for index.php file. Like, if user types www.domain.com/includes/somepage.php, it will restrict it (may be redirect to a error page).

I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a .htaccess file in that folder that contains just:

deny from all

That way you cannot open any file from that folder, but you can include them in php without any problems.