I know this was probably asked many times, but still it is the first time I have to deal with it. In my web app I am preparing I don't want users to be able and type in url that would directly access some .php file that would otherwise be called from other .php. Testing the app, it throws an empty page or sometimes some of page but without any data. Still, I don't like that, so what are my options and cons and pros of them?
I know I can play around with apache - file access permissions, I can even place some files outside the web directory, can check referrer, ...
I am looking for some consistent way I can apply throughout the project.
What is your fav. choice and why?